ImSorry Ransomware

The ImSorry Ransomware is a ransomware Trojan that, surprisingly, apologizes to its victims after carrying out its attack. However, regardless of how sorry the people responsible for the ImSorry ransomware claim to be, this does not stop them from encrypting the victims' files and then demanding the payment of $500 USD in BitCoins in exchange for the decryption key. Like most other encryption ransomware Trojans, the ImSorry ransomware relies on extorting its victims, threatening them with the prospect of never recovering their files. The ImSorry ransomware uses a combination of the AES and RSA encryptions to make the victims' files inaccessible. Once the files become encrypted in the ImSorry ransomware attack, they are no longer accessible except to those with the decryption key (which the con artists hold in their possession until the victim agrees to pay the ransom). The best protection against threats like the ImSorry ransomware is to have a reliable backup system that can allow computer users to restore their files quickly from the backup copy instead of having to respond to the con artists' ransom demand.

The Fake Apology Contained on the ImSorry Ransomware’s Name

The ImSorry ransomware uses a strong encryption algorithm that includes several passes with the AES 256 encryption to ensure that the victim's files are not accessible in any way. Once the file has been encrypted by the ImSorry ransomware, the victim will not be able to open it. The ImSorry ransomware is designed to infect computers running the Windows operating system and will target the files generated by the user, avoiding files that are used by the operating system. In this way, the victim's files become compromised, but the ImSorry ransomware can still showing its ransom note and demanding payment from the victim. The following are some of the file types that the ImSorry ransomware targets in its attack:

'PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG.

The files encrypted by the ImSorry ransomware attack can be identified easily because the ImSorry ransomware will add the file extension '.imsorry' to the each affected file's name. After encrypting the victim's files, the ImSorry ransomware will display the following ransom note on the victim's computer, demanding the payment of a ransom in exchange for the decryption key:

'Im Sorry
Hello, I hate to inform you but your files have been encrypted.
To get them back you must pay me a small fee.
Instructions are buy btc then pay me then ill simply give you. your encryption key.
Step 1.
Make a account here
https://blockchain.info/wallet/#/signup
Step 2.
Buy bitcoin
Use one of the trade centers below to recieve bitcoin to pay me off
https://www.coinbase.com/
https://1ocalbitcoins.com/register/
Step 3.
Send the payment of 500 USD to the BTC address below
then i'll give you the key.
Places you can read about bitcoin
https://blog.newegg.comAhe-fastest-way-to-get-started-with-bitcoin/
https://bitcoin.ong/en/getting-started
You have 3 weeks to pay else i might delete the key or i might just give you the key idk
Be sure you put your btc address in the box below as this is how i track payments,
if you fuck around ill delete your key.
Once again,Sorry
button [I've Paid]
[Key goes here]
button [Decrypt Files]
BTC Address: 17JbNMFQeeSm6B5BM2zzoEeZ1o9x74JCsF
Your Address: Your adress goes here to check payment
button [Delete Backups]'

SpyHunter Detects & Remove ImSorry Ransomware