Sorry HT Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 2 |
| First Seen: | April 4, 2018 |
| Last Seen: | November 14, 2018 |
| OS(es) Affected: | Windows |
The Sorry HT Ransomware is an encryption ransomware Trojan that seems to be related to HiddenTear, an open source ransomware platform that was first released in 2015 directly. The Sorry HT Ransomware was released on March 26, 2018, and has been responsible for several attacks. There is very little (if anything) to differentiate the Sorry HT Ransomware from the vast majority of HiddenTear variants that are active today. PC users that want to avoid big problems should take precautions against the Sorry HT Ransomware and other ransomware Trojans since these attacks are becoming increasingly more common.
Table of Contents
The Hypocritical Apology on the Sorry HT Ransomware’s Name
The most common way in which the Sorry HT Ransomware is delivered to the victims is through spam email messages. The victims will get an email message with an attached DOCX file, which will download and install the Sorry HT Ransomware onto the victim's computer when opened. The Sorry HT Ransomware will encrypt the victim's files using a strong encryption algorithm, which includes AES 256 and RSA 2048 encryption. The Sorry HT Ransomware will mark the files it encrypts by adding to the file names the extension '.sorry.” Once the Sorry HT Ransomware has encrypted a file, the affected file will become unreadable and inaccessible without the decryption key, which is held by the people responsible for the attack. The Sorry HT Ransomware targets the user-generated files and avoids the Window system files. The file types that will be enciphered by threats like the Sorry HT Ransomware include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Sorry HT Ransomware’s Ransom Demand
The Sorry HT Ransomware demands a ransom payment in exchange for a decoding key. This is how ransomware Trojans like this one generate revenue. The Sorry HT Ransomware delivers its ransom notes in the form of two text files: 'How Recovery Files.txt' and 'hrf.txt.' The Sorry HT Ransomware ransom notes contain the following short text message:
'Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email - systems@hitler.rocks or systems@tutanota.com
and tell us your unique ID - ID_[10 RANDOM CHARS]'
This attack method is typical of these attacks and identical to most HiddenTear variants. However, PC users are advised to refrain from contacting the people responsible for the Sorry HT Ransomware attack. Instead, computer users should use a security suite that is fully up-to-date to remove the Sorry HT Ransomware entirely and then restore the affected files from a backup copy. It is very unlikely that these people would have a way to help the victims of the Sorry HT Ransomware attack recover their data.
Dealing with a Sorry HT Ransomware Infection
The best protection against threats like the Sorry HT Ransomware is to have file backups since the encryption method used by the Sorry HT Ransomware is quite strong, restoring the files without having the decryption key is nearly impossible. Fortunately, having file backups is so effective that if enough computer users were to establish these regularly, threats like the Sorry HT Ransomware would cease to exist since they rely on the con artists being able to have this leverage over their victims.
SpyHunter Detects & Remove Sorry HT Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | 1489f140fa72592951b602ed4c246807 | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.