SorryForThis Ransomware Description
A new ransomware threat called SorryForThis Ransomware has been detected in the wild. It is named after the extension it uses for the encrypted files - '.sorryforthis.' The criminals behind this malware may say that they are sorry, but that is not stopping them from extorting their victims for a significant amount of money in exchange for the restoration of the locked data.
Characteristics of the SorryForThis Ransomware
SorryForThis Ransomware was created using the Python programming language. The malware seeks to infiltrate vulnerable computer systems, encrypt all targeted files, rendering them unusable, and demand money for their decryption. Most commonly, the affected files are Microsoft Office documents, OpenOffice, PDF, databases, text files, music, photos, videos and image files. The SorryForThis Ransomware uses AES-256 as an encryption algorithm, which makes any attempts to brute force the encryption entirely futile. Note that the size of this threat reaches around 10Mb, which, admittedly, is not a whole lot in our day and age, but is still significantly larger than the size of most other ransomware.
After completing its encryption process, the SorryForThis Ransomware locks the screen of the victim's computer and displays a window containing the ransom note. Users are instructed to send a payment of around 0.08 bitcoins, or approximately $750 at the current Bitcoin price. Victims are informed that if they do not send the money within 24 hours, the decryption key required for the successful return of their files will be deleted. The full text of the ransom note is:
'The important files on your computer have been encrypted with military grade AES-256 bit encryption.
Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key. This key is currently being stored on a remote server.
To acquire this key, transfer the Bitcoin Fee to the specified wallet address before the time runs out.
If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost.'
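Because the threat appends the '.sorryforthis' extension to every file it encrypts, a sudden burst of such files on one host is a usable detection signal. The following is an added example, not code from the original page: the event-line format, host names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".sorryforthis"  # the appended extension named on this page

# Constructed sample events; assumed format: "<ISO time> <host> <action> <path>"
SAMPLE_EVENTS = r"""
2024-05-01T09:00:01 ws-01 RENAME C:\Users\ana\Documents\budget.xlsx.sorryforthis
2024-05-01T09:00:02 ws-01 RENAME C:\Users\ana\Documents\notes.txt.sorryforthis
2024-05-01T09:00:02 ws-02 WRITE C:\Users\bo\Documents\report.docx
2024-05-01T09:00:03 ws-01 RENAME C:\Users\ana\Pictures\trip 01.jpg.SORRYFORTHIS
2024-05-01T09:00:04 ws-01 RENAME C:\Users\ana\Music\song.mp3.sorryforthis
2024-05-01T09:30:00 ws-02 RENAME C:\Users\bo\Desktop\sample.sorryforthis
malformed line
"""

def parse_event(line):
    """Return (time, host, path), or None for blank or malformed lines."""
    parts = line.strip().split(" ", 3)  # maxsplit keeps spaces inside the path
    if len(parts) != 4:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[3]

def find_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> first time `threshold` matches fell inside `window` (input time-ordered)."""
    recent = defaultdict(deque)  # per-host timestamps of matching files
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        when, host, path = event
        if not path.lower().endswith(EXTENSION):  # case-insensitive match
            continue
        q = recent[host]
        q.append(when)
        while when - q[0] > window:  # drop matches older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = when
    return alerts

if __name__ == "__main__":
    for host, when in find_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"{host}: burst of {EXTENSION} files at {when.isoformat()}")
```

A single file carrying the extension, as on ws-02 in the sample, stays below the threshold and raises no alert.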
A Generic Ransomware Generator may Have Been Used for the SorryForThis Ransomware
It appears that the SorryForThis Ransomware has some striking similarities with two previously observed ransomware threats - the Cyclone Ransomware and the Noblis Ransomware. Apart from using Python, all three of them have the same window layout for their respective ransom notes. Not to mention that the crooks responsible for the SorryForThis Ransomware couldn't be bothered to come up with an original text for their ransom note, and instead have opted to copy the one used by the Cyclone Ransomware word for word. When all of this is taken into account, the only logical conclusion is that a generic ransomware generator tool must have been used for all three.