Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Sorryforthis Ransomware

The name of Sorryforthis Ransomware might suggest to you that the attackers who control this malware are sorry; however, we can assure you that they are anything but sorry. It was discovered that this infection was created using the Noblis open-source code, which is why it is so similar to Noblis Ransomware and Cyclone Ransomware. The first infection was targeted at Spanish-speaking Windows users, but both Cyclone and Sorryforthis infections are targeted at English-speaking users, and both of them deliver the exact same message in English. Unfortunately, victims who face this message could be pushed into following very specific instructions. If you are about to follow them as well, we suggest that you read this report, and maybe you will change your mind. At the end of the day, regardless of what you choose to do, it is important to remove Sorryforthis Ransomware from your operating system. If you continue reading this report, hopefully, you will learn how to delete this malware.

It is likely that Sorryforthis Ransomware slithered into your operating system when you did something risky, like executing an unreliable downloader/installer or opening a strange file attached to a strange email. It is hard to say how this infection could slither into your operating system because it is always possible that different methods of distribution could be employed. We know one thing for sure, and that is that the threat is meant to be executed silently; otherwise, you could discover and remove it before files are corrupted. Once the infection is in place, a complex AES-256 encryption algorithm is employed to encrypt your files. During the encryption, the data within files is changed, and the “.sorryforthis” extension is added to names. This makes it easier to detect the corrupted files. Unfortunately, you cannot restore files by removing the “.sorryforthis” extension or by deleting Sorryforthis Ransomware itself. At the time of research, legitimate decryptors could not yet crack the encryption key used by this malware, and we do not know if such tools will be able to help you in the future.

Immediately after the files are encrypted, Sorryforthis Ransomware launches a window entitled “CRYPTER v2.40.” This number implies that other versions have come before this one, but that is something we cannot confirm at this point. The interface of the window is reminiscent of the CryptoLocker Virus, which was one of the first infections of this kind to emerge back in 2013. On the left, you can see an icon of a lock, a timer that counts down from 24:00:00, and the logo of Bitcoin, which is the crypto-currency that cybercriminals have chosen to accept ransom payments in. At the bottom, you are introduced to a Bitcoin Wallet address (12mdKVNfAhLbRDLtRWQFhQgydgU6bUMjay) – which was empty at the time of research – and the sum of the ransom. In our case, it was 0.08134, which was around 700 US Dollars. Needless to say, that is not a small price for a “decryption” key that, allegedly, would restore the corrupted files. By the way, the ransom note states that the key would be deleted in 24 hours, hence the timer on the right. Well, it does not look like Sorryforthis Ransomware has a way of identifying you or your payment, and that is a clear sign that you are unlikely to get anything in return for the payment. Needless to say, we do not recommend wasting your money.

Although it was not possible to restore files at the time of research, perhaps you have backups? More and more people these days use cloud storage and external drives to store copies of their personal files. Whether that is done for easy access or security reasons, if you have backups, you can easily replace the files corrupted by Sorryforthis Ransomware. That, most likely, is the best-case scenario. The worst-case scenario is that you do not have backups, you waste your money by paying the ransom, and you do not get a decryptor in return. In this situation, you can do nothing else but learn from your mistakes. First and foremost, you must delete Sorryforthis Ransomware, and we suggest employing an anti-malware program because besides removing malware automatically, it will also ensure reliable protection. Second, figure out how to back up files in the future. Finally, reassess your own activity to make sure that you are not responsible for letting in malware in the future.
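Because every encrypted file carries the “.sorryforthis” extension, the damage can be inventoried and matched against a backup before anything is replaced. The script below is an added example, not part of the original report or any vendor tool; the folder layout, file names and the function names `original_name` and `build_restore_plan` are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".sorryforthis"  # extension the report says is appended to encrypted files

def original_name(path: Path) -> Path:
    """Strip the appended marker to recover the pre-encryption file name."""
    return path.with_name(path.name[: -len(MARKER)])

def build_restore_plan(scan_root: Path, backup_root: Path) -> dict:
    """Pair each marked file under scan_root with its copy under backup_root."""
    plan = {"restorable": [], "backup_encrypted": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Case-insensitive match; skip a file named only ".sorryforthis".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            encrypted = Path(dirpath) / name
            candidate = backup_root / original_name(encrypted).relative_to(scan_root)
            if candidate.is_file():
                plan["restorable"].append((encrypted, candidate))
            elif candidate.with_name(candidate.name + MARKER).is_file():
                # The backup copy carries the marker too, so it is not usable.
                plan["backup_encrypted"].append(encrypted)
            else:
                plan["no_backup"].append(encrypted)
    return plan

def demo() -> dict:
    """Constructed sample tree: three marked files, only one with a clean backup."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp) / "Documents", Path(tmp) / "Backup"
        (docs / "tax").mkdir(parents=True)
        (backup / "tax").mkdir(parents=True)
        (docs / "tax" / "2019.xlsx.sorryforthis").write_bytes(b"\x00")
        (docs / "photo.jpg.SORRYFORTHIS").write_bytes(b"\x00")
        (docs / "cv.docx.sorryforthis").write_bytes(b"\x00")
        (docs / "notes.txt").write_text("untouched")
        (backup / "tax" / "2019.xlsx").write_text("clean copy")
        (backup / "cv.docx.sorryforthis").write_bytes(b"\x00")
        plan = build_restore_plan(docs, backup)
        names = lambda item: (item[0] if isinstance(item, tuple) else item).name
        return {key: sorted(map(names, items)) for key, items in plan.items()}

if __name__ == "__main__":
    for category, files in demo().items():
        print(category, files)
```

The plan only reads the file system; copy the clean backups over the marked files after the malware itself has been removed.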

Sorryforthis Ransomware Removal

  1. Close the infection’s window by clicking the X at the top.
  2. Find the [unknown name].exe file that launched the threat.
  3. Right-click the malicious file and choose Delete.
  4. Empty Recycle Bin.
  5. Install a trusted malware scanner.
  6. Run a full system scan and check for potential leftovers.