SorryForThis Ransomware Description
Cybercriminals around the world keep developing and distributing ransomware threats, largely because even individuals with little skill and almost no experience in cybercrime can try their luck with one: it is very easy to obtain the code of already existing data-encrypting Trojans and alter it to their liking. One of the newest file-locking Trojans spotted in the wild is called the SorryForThis Ransomware.
The Authors Have Likely Used a Free Ransomware Builder
Upon dissecting the SorryForThis Ransomware, malware researchers concluded that its authors have very likely used a free ransomware builder. These builders are available online and make it much easier for shady individuals to create data-encrypting Trojans with little effort. The researchers came to this conclusion after spotting stark similarities between the SorryForThis Ransomware and two other variants dubbed Cyclone Ransomware and Noblis Ransomware. All three ransomware threats appear to have very similar code and design.
Propagation and Encryption
It is not clear exactly how the SorryForThis Ransomware is being distributed. Some speculate that the creators of the SorryForThis Ransomware are using mass spam email campaigns to spread this threat. This is likely the most common technique of spreading ransomware threats. The emails in question often contain a corrupted attachment that the user is urged to open. Upon opening the attached file, the user triggers the execution of the bad code it carries and infects their PC. There are other infection vectors that can be used to distribute ransomware threats, such as bogus software updates, torrent trackers, and pirated copies of popular applications.
Data-locking Trojans make sure to cause enough damage to the compromised host that the user will consider paying the ransom fee demanded. This is why they often target a very long list of file types, as this increases their chances of being paid. The SorryForThis Ransomware will scan the system looking for the targeted file types, and once they have been located, the threat will begin its encryption process. All the encrypted files will likely be given an additional extension at the end of their file names.
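The encryption behaviour described above (many different file types touched, one extra extension appended to each name) leaves a recognisable pattern in file-rename telemetry. The following Python is an added example, not code from the original analysis; the event tuples, process names, the ".locked" extension and the thresholds are constructed assumptions, since the page does not state which extension SorryForThis appends.

```python
import os
from collections import defaultdict

# Constructed sample rename events: (epoch seconds, process, old path, new path).
# ".locked" and the process names are placeholders, not SorryForThis indicators.
EVENTS = [
    (100, "updater.exe", r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\q1.xlsx.locked"),
    (101, "updater.exe", r"C:\Users\a\Docs\plan.docx", r"C:\Users\a\Docs\plan.docx.locked"),
    (102, "updater.exe", r"C:\Users\a\Pics\cat.jpg", r"C:\Users\a\Pics\cat.jpg.locked"),
    (103, "updater.exe", r"C:\Users\a\Docs\cv.pdf", r"C:\Users\a\Docs\cv.pdf.locked"),
    (104, "updater.exe", r"C:\Users\a\Docs\db.sqlite", r"C:\Users\a\Docs\db.sqlite.locked"),
    (110, "winword.exe", r"C:\Users\a\Docs\draft.docx", r"C:\Users\a\Docs\final.docx"),
    (200, "backup.exe", r"C:\Data\a.log", r"C:\Data\a.log.bak"),
    (900, "backup.exe", r"C:\Data\b.log", r"C:\Data\b.log.bak"),
]

def appended_extension(old, new):
    """Return the suffix (e.g. '.locked') if new is old plus one extra extension."""
    if new.lower().startswith(old.lower()) and len(new) > len(old):
        suffix = new[len(old):]
        if suffix.startswith(".") and suffix.count(".") == 1 and len(suffix) > 1:
            return suffix.lower()
    return None

def original_type(path):
    return os.path.splitext(path.replace("\\", "/").rsplit("/", 1)[-1])[1].lower()

def detect_mass_append(events, window_s=60, min_files=5, min_types=3):
    """Flag (process, extension) pairs that append one extension to many
    files of several different types inside a sliding time window."""
    groups = defaultdict(list)
    for ts, proc, old, new in events:
        ext = appended_extension(old, new)
        if ext:
            groups[(proc, ext)].append((ts, original_type(old)))
    alerts = []
    for (proc, ext), hits in groups.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            window = hits[start:end + 1]
            types = {t for _, t in window}
            if len(window) >= min_files and len(types) >= min_types:
                alerts.append({"process": proc, "extension": ext,
                               "files": len(window), "types": sorted(types)})
                break
    return alerts
```

Requiring several distinct original file types keeps a backup job that renames only log files from alerting, while an ordinary rename such as draft.docx to final.docx is ignored because no extension was appended.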
The Ransom Note
After the encryption process is through, the SorryForThis Ransomware will present the user with its ransom note, which pops up in a new window. The background of the window is red, and the note states, "YOUR FILES HAVE BEEN ENCRYPTED!" The attackers claim to have used the AES-256 encryption algorithm. They state that the victim needs to pay a ransom fee in exchange for a decryption key, which will supposedly unlock all the affected files. The ransom fee mentioned is 0.08 Bitcoin (approximately $740 at the time of typing this post). The attackers also appear to have set a 24-hour deadline and claim that unless the ransom fee is paid within this timeframe, they will destroy the decryption key that the victim needs to unlock their data.
We would advise you against working with cyber crooks. They do not tend to keep their promises, and you may never receive the promised decryption key even if you pay the hefty sum demanded. You should consider downloading and installing a reputable anti-virus software suite, which will not only help you remove the SorryForThis Ransomware from your system but also keep your computer safe in the future.