
Sorry HT Ransomware

Posted: April 2, 2018

The Sorry HT Ransomware is a file-locking Trojan and a part of the Hidden Tear family, whose code is freely available. The Sorry HT Ransomware uses encryption for locking your data, including pictures or documents, and creates text messages demanding ransoms for the decryptor. Users should avoid rewarding this extortion attempt, recover their files through the free means that are available, and have an anti-malware program uninstall the Sorry HT Ransomware from their computers.

An Apologetic Redo of Hidden Tear

Hidden Tear, the project of the Turkish researcher Utku Sen, is a favorite resource for any threat actor with more interest in saving time than creating a secure program. Although the result is usually a file-locking threat with working features that requires almost no development time, there are trade-offs and limitations. Malware experts can point to the Sorry HT Ransomware as an example of why users may almost be glad to have their files attacked by a Hidden Tear derivative instead of by even more dangerous Trojans, like the Globe Ransomware or the Jigsaw Ransomware.

The Sorry HT Ransomware is a Windows program that, when it runs, begins encrypting the user's media with an AES algorithm. The attack can block different formats of non-critical files, including Word documents, Excel spreadsheets or pictures. The Sorry HT Ransomware also appends a '.sorry' extension onto each filename without removing any of the original text.

Malware researchers cite visible Command Prompt windows as evidence that the Sorry HT Ransomware is 'under construction.' The Sorry HT Ransomware issues various system commands within the CMD, including one for deleting the Shadow Volume Copies that Windows could use for restoring any of the locked files. The Trojan completes its attack by creating two copies of a ransom note, which asks the user to contact an e-mail address to negotiate a file-unlocking price.
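The two behaviors described above, a '.sorry' extension appended to otherwise intact filenames and a command that deletes the Shadow Volume Copies, can be correlated into a detection rule. The Python below is an added example and not part of the original article; the event format, the `triage` and `_ev` names, the thresholds, and the command-line patterns are assumptions, since the article does not name the exact command the Trojan runs.

```python
import re
from datetime import datetime, timedelta

# Command lines commonly used to delete Volume Shadow Copies (assumption: the
# article does not name the exact command this Trojan issues).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# '.sorry' appended after an existing extension, e.g. report.docx.sorry
APPENDED_SORRY = re.compile(r"[^\\/]+\.[A-Za-z0-9]{1,5}\.sorry$", re.I)

def triage(events, window=timedelta(minutes=2), min_files=3):
    """Return {host: verdict} from process-creation and file-rename events."""
    verdicts = {}
    for host in sorted({e["host"] for e in events}):
        mine = [e for e in events if e["host"] == host]
        shadow = [e["time"] for e in mine
                  if e["kind"] == "process" and SHADOW_DELETE.search(e["detail"])]
        locked = sorted(e["time"] for e in mine
                        if e["kind"] == "rename" and APPENDED_SORRY.search(e["detail"]))
        # Burst: at least min_files '.sorry' renames inside one sliding window.
        burst = any(locked[i + min_files - 1] - locked[i] <= window
                    for i in range(len(locked) - min_files + 1))
        if burst and any(abs(s - l) <= window for s in shadow for l in locked):
            verdicts[host] = "high: shadow-copy deletion plus .sorry rename burst"
        elif burst:
            verdicts[host] = "medium: .sorry rename burst"
        elif shadow:
            verdicts[host] = "low: shadow-copy deletion only"
        else:
            verdicts[host] = "none"
    return verdicts

def _ev(host, hhmmss, kind, detail):
    return {"host": host, "kind": kind, "detail": detail,
            "time": datetime.strptime("2018-04-02 " + hhmmss, "%Y-%m-%d %H:%M:%S")}

# Constructed sample events (hypothetical hosts and paths, not from a real incident).
SAMPLE = [
    _ev("ws01", "10:00:01", "process", r"cmd.exe /c vssadmin delete shadows /all /quiet"),
    _ev("ws01", "10:00:05", "rename", r"C:\Users\a\Documents\budget.xlsx.sorry"),
    _ev("ws01", "10:00:06", "rename", r"C:\Users\a\Documents\letter.docx.sorry"),
    _ev("ws01", "10:00:07", "rename", r"C:\Users\a\Pictures\trip.jpg.sorry"),
    _ev("srv02", "03:00:00", "process", r"vssadmin.exe delete shadows /for=D: /oldest"),
    _ev("ws03", "09:15:00", "rename", r"C:\Users\b\Desktop\notes.txt.sorry"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, "->", verdict)
```

Shadow-copy deletion on its own also occurs during routine administration, which is why the rule only escalates to high when it coincides with a burst of '.sorry' renames on the same host.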

As a simple variant of Hidden Tear, the Sorry HT Ransomware is compatible with public decryption solutions. Users can recover their files freely by downloading this software from a reputable cyber-security organization, and without paying any ransoms.

Making the Sorry HT Ransomware's Threat Actor Sorry for Wasting His Time

Even though the current build of the Sorry HT Ransomware is easily decryptable, users should never assume that decryption is always practical or possible. Backing up your files to USB devices or otherwise segregated storage, such as cloud services, can provide a definitive recovery option. The Sorry HT Ransomware's encryption takes place without any consent or symptoms, and, depending on how many files are under attack, may complete itself in less than a minute.

Malware researchers see no evidence of the infection strategies that the Sorry HT Ransomware could use for its installation routine. Spam e-mails are typical for file-locking threats like the Sorry HT Ransomware, but exploit kits, brute-force attempts to break passwords, and even torrents have previously delivered similar Trojans. However, any anti-malware program should immediately block, and then delete or quarantine, the Sorry HT Ransomware.

Hidden Tear 'remixes' include many variants, like the Western Union-themed Ultimo Ransomware, the Portuguese Instalador Ransomware, the non-monetized RansomMine Ransomware and the Bitcoin-demanding Balbaz Ransomware. Like all of them, the Sorry HT Ransomware is a warning about the risk of ignoring your backups and Web-browsing security standards, both of which can keep you from losing files and money.
