ImSorry Ransomware
Posted: May 30, 2017
Threat Metric
The fields listed on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 64 |
| First Seen: | May 30, 2017 |
| OS(es) Affected: | Windows |
The ImSorry Ransomware is a Trojan that can block you from opening your files by encrypting them, which it uses to support its demands for ransom money. Victims who can't recover with backups should contact professional anti-malware researchers for help with decryption. Otherwise, remove the ImSorry Ransomware with any trusted brand of anti-malware software to prevent any more damage to your files.
Receiving Apologies While Being Held Up
Although even con artists can have second thoughts about breaking the law, the underlying motivations of greed and opportunism usually prove stronger than any sense of morality. Sometimes, such conflicting sentiments are even seen in the act of wrongdoing itself, such as the extortionist messages left by file-blocking Trojans. The ImSorry Ransomware is a new sample of such threats, with sharply rising detection rates from counteractive security solutions over the past week.
While its family is unknown, the ImSorry Ransomware operates similarly to older file-encrypting threats like Hidden Tear. The ImSorry Ransomware searches the compromised PC's directories for PDF documents, ZIP archives, and other data not related to the OS and encodes it using a cipher. The Trojan also appends the '.imsorry' extension to every locked file, a tag malware experts are seeing only in the ImSorry Ransomware's campaign.
The ImSorry Ransomware then creates two messages containing its ransom-collecting parameters, one as a Notepad TXT file and one as a pop-up window. Although both notes include the demands for 500 USD in Bitcoins, the pop-up also includes other features to make the payment easier for the victim, such as a decryption key input field and a secondary backup feature that may be meant to limit damage from any unintended decryption problems.
Twenty-One Days to Make the Wrong Decision
While its author shows limited signs of professionalism, the ImSorry Ransomware does include some minor social engineering techniques to help encourage ransoms. Although the ImSorry Ransomware offers the victim three weeks to pay before the author deletes the decryption key, users with encrypted content should always check for public domain decryption solutions before resorting to Bitcoin ransoms. Paying a ransom in full never guarantees that the threat actor will restore your data, and cryptocurrencies like Bitcoin aren't subject to traditional refund policies.
The ImSorry Ransomware targets victims using the English language and doesn't appear to be the product of a non-native speaker. Other than these clues, few signs offer clear evidence of what installation exploits the ImSorry Ransomware may be using. Malware experts recommend that you back up your PC's valuable content and scan suspicious files (such as e-mail attachments) with anti-malware applications that could delete the ImSorry Ransomware and block its encryption routine.
The ImSorry Ransomware may apologize after the fact, but its repentance is skin-deep. With its ransoms costing hundreds of dollars, any PC users not protecting their systems adequately shouldn't place their hopes in the goodwill of this Trojan's creator.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
file.exe
File name: file.exe
Size: 205.82 KB (205824 bytes)
MD5: 859fe9dc1478333916c9a94253f93dd2
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 30, 2017
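The two indicators given above (the appended '.imsorry' extension and the MD5 and size listed for file.exe) are enough for a first-pass triage of a file share or a mounted disk image. The script below is an added example, not part of the original write-up or any vendor tool; its function names and output layout are assumptions. It maps each encrypted file back to the original name to look for in backups, and hashes only files whose size matches the listed sample.

```python
import hashlib
import os
import sys

# Indicators from the page above; the function names and layout are assumptions.
LOCKED_EXT = ".imsorry"
SAMPLE_MD5 = "859fe9dc1478333916c9a94253f93dd2"
SAMPLE_SIZE = 205824  # bytes, as listed for file.exe


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Return (locked, samples): locked maps each encrypted path to the
    original path it replaced; samples lists files matching the listed hash."""
    locked, samples = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                # The extension is appended, so stripping it gives the name
                # to look for in backups.
                locked[path] = path[: -len(LOCKED_EXT)]
                continue
            try:
                # Cheap size check first; hash only files of the listed size.
                if os.path.getsize(path) == SAMPLE_SIZE and md5_of(path) == SAMPLE_MD5:
                    samples.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    return locked, sorted(samples)


if __name__ == "__main__":
    locked, samples = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for enc, orig in sorted(locked.items()):
        print(f"locked: {enc} (was {orig})")
    for path in samples:
        print(f"matches listed MD5: {path}")
```

An MD5 match only identifies this exact sample; a repacked build will have a different hash, so an empty match list does not clear a system on its own.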