
SorryForThis Ransomware

Posted: October 31, 2019

The SorryForThis Ransomware is a file-locking Trojan based on the Python programming language. It is a possible variant of the Noblis Ransomware, and free unlocker or decryptor services aren't likely to appear for this threat. Users should, instead, keep their backups secure and protect themselves with anti-malware applications appropriate for removing the SorryForThis Ransomware.

The Rebirth of a Trojan Coming into the World Apologizing

Two years after the Noblis Ransomware's appearance, malware researchers are finding a variant of the Trojan out in the wild. The reuse likely reflects the threat actor's limited professional talent or funds, since a free Trojan-generator kit can provide this customized build at no cost. The SorryForThis Ransomware has all of the usual dangers to files of the earlier Noblis Ransomware, which, unfortunately, uses a currently-secure encryption technique.

The SorryForThis Ransomware is notable for being part of a subset of file-locker Trojans that run on the Python language, just like the Cyclone Ransomware, the '.impect File Extension' Ransomware or the PyLock Ransomware. Because it is the byproduct of an executable creator tool, the SorryForThis Ransomware is much larger than the average file-locker Trojan, which tends to run at under two megabytes. The SorryForThis Ransomware's installer, however, has a size of nearly ten megabytes, which increases the visibility of its download to the victim.

Despite its quirks, the SorryForThis Ransomware represents a genuine danger to users whose computers become infected. It locks documents and other files with an AES algorithm and, after registering a mutex, loads a pop-up ransoming message. Unfortunately, the text is also part of a generic template and isn't a reliable clue for determining the author's nationality or his or her preference for victims. Malware researchers also checked the associated Bitcoin wallet link and found it functional but empty, with no known transactions.

Getting Sorry Software Away from Your Files

The fact that the SorryForThis Ransomware uses ancient code isn't a proven vulnerability in its file-locking feature. Threat actors can comfortably secure such attacks with even minimal precautions, and users should also prepare themselves for the possible deletion of any local Windows backups. For the safety of any digital media, you should always move one backup off to another device, such as a reliable cloud service.

Besides having a backup, you can also protect your files by avoiding torrents, not enabling macros on questionable documents, installing security patches, and using strong passwords. Disabling pop-ups, advertisements, Flash, Java, and JavaScript also improves your browser's security while surfing the Web. Although some file-locker Trojans use zero-day exploits that aren't preventable, most campaigns depend on user errors.

File-locking Trojans usually owe their existence to the rapid generation of copy-pasted Ransomware-as-a-Service variants. However, the SorryForThis Ransomware shows that no matter how long it's been since you took your eye off an ancient threat, it can spring back to life when no one expects it.
