All Windows users need to be cautious about Sorry HT Ransomware, a malicious file-encrypting infection that was built using the well-known Hidden Tear source code. Our researchers have thoroughly analyzed this threat, and it was found that it is poorly coded, which suggests that it might have been created by amateurs. This would not be out of the ordinary, considering that the source code is available to anyone and everyone. Although the infection appears to be unfinished, that does not mean that it is harmless. Quite the opposite. When the malicious ransomware invades the system, it quickly starts encrypting files, and it can do that with 250 different types of files, and so the chances of you having your personal files corrupted are very high. Hopefully, there’s still time for you to protect your operating system and your personal files against this malicious infection; however, if it has invaded already, you need to figure out how to delete Sorry HT Ransomware. This is what we are here to help you with.
Was Sorry HT Ransomware executed when you opened a corrupted spam email attachment? If that is the case, you can blame no one but yourself for the invasion of this malware. Spam emails are often used to expose gullible users to scams, as well as malware, and so you need to stay away from them at all times. If you are not cautious, the infection slips in silently, and then it starts malicious processes. First, it creates a task named “JohnCena” in the Task Scheduler to ensure that Sorry HT Ransomware is launched successfully. Then, the AES key is generated to encrypt files, and the process begins shortly after that. Although the infection does not corrupt files that are stored in folders with words AppData, Application Data, intel, nvidia, ProgramData, Program Files, Program Files (x86), or Windows in the names, it can encrypt hundreds and thousands of personal files. The “.sorry” extension is attached to the ones that are encrypted. If your personal files are backed up online or on external drives, you can remove the corrupted files immediately because recovering them is not possible. Unfortunately, the shadow volume copies are erased using the “vssadmin delete shadows /all /quiet \r\n” command.
The shadow volume copies are deleted with the help of a file named “deleteMyProgram.bat.” This file should also remove Sorry HT Ransomware once it is done encrypting files, along with the “JohnCena” scheduled task. This BAT file is one of the two files that the ransomware creates. The other one is the ransom note file, “How Recovery Files.txt.” According to it, you can recover files only if you email your ID to email@example.com or firstname.lastname@example.org. If you do that, you will be pushed to pay a ransom. At this point, we do not know if the ransom is set, or if every user is introduced to a unique sum, but what we know is that paying it might be a terrible idea. Once cyber criminals receive the ransom payment, they can move on to the next victim or the next ransomware, and they are unlikely to dedicate any of their time helping their victims. Unfortunately, it is most likely that you would not recover your files if you paid the ransom, and that is why doing that is not recommended.
You need to remove Sorry HT Ransomware no matter what. Even if you pay the ransom and your files are restored – which is unlikely to happen – the infection might remain active. As discussed earlier, the threat should delete itself using the deleteMyProgram.bat file after it completes all tasks, but it is possible that the threat would remain active. This is why we created a guide that shows how to delete the elements of Sorry HT Ransomware manually. If you have decided to install anti-malware software to protect you in the future – and that is your first line of defense – you can rely on it to eliminate the ransomware automatically as well. You should not hesitate to install anti-malware software because you want full protection against malicious threats. One more thing you should do to protect your files is to back them up, and if that has been taken care of already, the malicious ransomware must have done no damage at all.
|#||File Name||File Size (Bytes)||File Hash|
|1||SorryHT Ransomware.exe||20480 bytes||MD5: 1489f140fa72592951b602ed4c246807|
|2||How Recovery Files.txt||209 bytes||MD5: 2ca0cb87236e3cab3bd102aabb31c490|
|#||Process Name||Process Filename||Main module size|
|1||SorryHT Ransomware.exe||SorryHT Ransomware.exe||20480 bytes|