Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Sorry HT Ransomware

Sorry HT Ransomware is a new threat that should be taken seriously, as it can infiltrate your computer without your knowledge and encrypt all your important files in no time. This dangerous ransomware can encrypt files with hundreds of different extensions and render them useless. In other words, if you let this beast loose on your computer, you may lose all the encrypted files unless you have a recent backup saved somewhere safe. We usually recommend cloud storage or a removable drive to keep your backup secure for cases like this one; a backup also gives you a way to restore your files after a hardware failure. This ransomware offers to let you buy your way out of this nightmare; however, we do not believe that paying is a safe course of action. In fact, you are more likely to be infected again by such cyber criminals than to get the decryption key or tool after payment. We advise you to remove Sorry HT Ransomware from your computer immediately.

If you find out that this dangerous threat has hit you, chances are you opened a spam e-mail and ran its attachment. Ransomware like this is mostly spread as a malicious file attachment posing as an image, a document, or a ZIP archive. Once you click to view this file, you start up this malicious attack in no time. This also means that you will not be able to delete Sorry HT Ransomware without possibly losing your files. You need to be very careful with your e-mail even if you believe that you are protected by your spam filter. Nothing can protect you against your decision to open such a mail, though. Since this spam may be quite convincing and claim to concern an urgent matter like an unpaid fine or invoice, it is quite likely that you would want to see what it is about. But as you can see, opening the attachment can lead to possibly irreversible damage on your system.

Another possibility is that you use outdated browsers and drivers. If you land on a malicious website that uses Exploit Kits, it is very easy to infect your system with a ransomware threat like this one. It is enough for you to click on the wrong third-party ad or link on a suspicious website (online gaming, file-sharing, betting, dating, or porn) and you could be redirected to a malicious site with Exploit Kits. This can also happen when your computer is infected with, for example, adware programs. If you do not want to end up having to delete Sorry HT Ransomware or any other dangerous threats next time, you should make sure that all your programs are updated regularly.

This ransomware infection seems to operate through the malicious executable file you launch, and it does not copy itself anywhere on your system. It does, though, create a Point of Execution (PoE) in your Windows Task Scheduler so that it runs automatically every time you restart your machine. This malicious program targets every location on your system except paths containing these strings: Windows, ProgramData, Program Files, Program Files (x86), AppData, Application Data, nvidia, and intel. It can encrypt files with hundreds of different extensions and appends ".sorry" to each original file extension. This ransomware is based on the infamous Hidden Tear Ransomware, which is an open-source project. In fact, it seems so poorly coded that it was either created by amateurs or it is not a finished infection yet.

The ransom note is called "How Recovery Files.txt" and it is dropped in every folder where files have been affected. This note is very simple and does not reveal too much about this attack or the payment method, either. You have to send an e-mail to or including your personal ID, which you can find in the note. After the attack a "deleteMyProgram.bat" file is also created in the same directory as the main executable to delete all the shadow copies. It is also supposed to delete the PoE, the malicious executable, and the .bat file as well. We do not believe that it is a good idea to support cyber criminals by paying them any money. If you want to restore your computer, we suggest that you remove Sorry HT Ransomware ASAP.

Hopefully, you do have a backup and you can use it to recover your most important files after you have cleaned your system of this dangerous ransomware. Please use our instructions below if you want to do this manually. Please note that it is quite possible that you will only find the ransom notes on your system as this threat is supposed to clean up after itself; well, more or less. If you do not want to experience similar nightmares, we advise you to install a trustworthy malware removal application like SpyHunter as soon as possible.

How to remove Sorry HT Ransomware from Windows

  1. Press Win+E.
  2. Locate the malicious executable where you launched it from. If you can still find it there, delete the file.
  3. Open the task folders at "C:\Windows\System32\Tasks" and "C:\Windows\Tasks" and check whether "JohnCena" is still there; if it is, delete the task.
  4. Delete all ransom notes called "How Recovery Files.txt" from all affected folders.
  5. Empty your Recycle Bin.
  6. Restart your computer.
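
A read-only PowerShell triage of the artifacts the steps above look for, added here as an example and not part of the original removal guide. The file, task and extension names come from the article; the default scan root and the shadow-copy check through `Win32_ShadowCopy` are assumptions of this example.

```powershell
# Added example: read-only triage for the artifacts named in the article; nothing is deleted.
param(
    # Assumption: scan the system drive unless other roots are given.
    [string[]]$Roots = @("$env:SystemDrive\")
)

# Indicators taken from the article text.
$TaskName   = 'JohnCena'
$TaskDirs   = 'C:\Windows\System32\Tasks', 'C:\Windows\Tasks'
$NoteName   = 'How Recovery Files.txt'
$CleanupBat = 'deleteMyProgram.bat'
$Extension  = '.sorry'

# Step 3: is the scheduled task (the persistence entry) still present?
# BaseName matches both an extensionless file in System32\Tasks and a .job file in Windows\Tasks.
$taskFiles = foreach ($dir in $TaskDirs) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -eq $TaskName }
}

# Steps 2 and 4: one pass over the disk for ransom notes, encrypted files and the cleanup script.
$hits = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $NoteName -or $_.Name -eq $CleanupBat -or $_.Extension -eq $Extension }
}
$notes     = @($hits | Where-Object { $_.Name -eq $NoteName })
$batFiles  = @($hits | Where-Object { $_.Name -eq $CleanupBat })
$encrypted = @($hits | Where-Object { $_.Extension -eq $Extension })

# The article says the batch file deletes shadow copies; check whether any survived (needs elevation).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

"Scheduled task '$TaskName' present : $([bool]$taskFiles)"
$taskFiles | ForEach-Object { "  $($_.FullName)" }
"Cleanup script(s) found            : $($batFiles.Count)"
$batFiles | ForEach-Object { "  $($_.FullName)   <- the executable was launched from this folder" }
"Ransom notes found                 : $($notes.Count)"
"Encrypted (*$Extension) files       : $($encrypted.Count)"
"Volume shadow copies remaining     : $($shadows.Count)"

# Folders to restore from backup, with the number of encrypted files in each.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run it from an elevated prompt so the task folders and shadow copies are readable.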