- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
We want to inform you about a ransomware-type computer infection that was deemed Imsorry Ransomware. This program was first seen at the end of May 2017, and it seems that it continues being distributed with some success. This program’s developers want you to pay a ransom for a decryption key to get your files back. However, you should know that there are no guarantees when dealing with cybercriminals. Therefore, you should consider removing this application from your PC altogether. To find out more about this highly malicious program, please read this article in its entirety.
While we do not have concrete and reliable information on how Imsorry Ransomware is disseminated, we believe that its developers must have set up an email server dedicated to automatically sending email spam to random email addresses to infect the PCs of unwary and curious users. The emails can look reliable as the developers may have customized them to appear as if they come from some sort of legitimate company such as FedEx, DHL, Amazon, and so on. The ransomware should be included as an attached file that may be presented as an invoice or receipt. The file can be named randomly and appear as a PDF file. However, it should be an executable in fact that will be placed in %TEMP% if you open it only but downloaded to either %USERPROFILE\Downloads or %USERPROFILE\Desktop if you choose to download it.
Once on your computer, Imsorry Ransomware will start encrypting your files. According to our research, this particular ransomware was set to encrypt MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, file archives, and so on. It uses a unique AES encryption algorithm to encrypt the files, and it does not look like there will be a free decryption tool anytime soon. Furthermore, the ransomware appends the encrypted files with an “.imsorry” file extension. Once the encryption is finished, this ransomware will drop a ransom note file named "Read me for help thanks.txt." The note reads that you have to pay the ransom it Bitcoins. The cybercriminals want 500 USD-worth of Bitcoins for the decryption key. Furthermore, the note features links where you can read more about the Bitcoin crypto currency and also links where you can purchase Bitcoins. Whether or not the ransom payment is reasonable to you is a different question entirely. The developers give you three weeks to pay the ransom and then delete the decryption key if you do not meet the deadline. However, you should keep in mind that you might not get the decryption key even after you pay.
We hope that you found this article insightful and now know what to do about Imsorry Ransomware. It is as bad as they come since it can encrypt your files with an advanced encryption algorithm and demand that you pay a rather significant sum of money. Furthermore, you cannot be certain that the cybercriminals will send you the decryption key after you pay. Therefore, we suggest that you consider removing this malicious program instead of paying the ransom. Granted you will not be able to decrypt your files if you delete the infection. You can eradicate Imsorry Ransomware using the guide below that involves using SpyHunter’s free scanner to locate the malware so that you could get rid of it manually.