It is not that hard for Sorryforthis Ransomware to slither into your Windows operating system, and when it does that, it starts encrypting personal files. Amongst the files that might end up being corrupted, you are likely to find photos and documents, videos and music files, as well as archives. The damage caused by this malware totally depends on what kinds of files exist on your operating system. For example, if it is your office computer that is infected, maybe you do not need to worry about childhood photos, but your work documents might be just as important. In the best-case scenario, there are no important files on the infected machine, or you have backups for all infected files stored someplace safe. Arguably, the safest places to store backup files are external drives and cloud storage platforms. If you do not need to worry about saving files, you should delete Sorryforthis Ransomware without further delay, but do not forget that the removal of this malware is important even if you end up losing personal files.
Sorryforthis Ransomware might be a new infection for you, but for our research team, it is just a clone of Noblis Ransomware and Cyclone Ransomware. Were these infections built by the same attackers? That is unknown, but it is obvious that the same source code was used to build them. Most likely, this malware slithers into operating systems when their users are tricked into opening corrupted email attachments or downloading bundled files. However, it is also possible that other infections have dropped Sorryforthis Ransomware, and if that is the case, you need to find and delete these infections also. Note that unpatched vulnerabilities within the system could also open up backdoors via which cybercriminals could drop malware. If the infection is not removed in time, it encrypts files mercilessly, and only then it reveals itself using a window called “CRYPTER v2.40.” The window launched by Cyclone Ransomware also showed the same number, and so it is possible that these two threats were created at the same time, or the number simply does not mean anything.
The window launched by Sorryforthis Ransomware delivers a message that is meant to convince you to pay a ransom in return for a decryption key. The message is written in English, and it informs that the key would be destroyed if the ransom was not paid within 24 hours. A timer showing you how much time is left is displayed on the left. It does not look like the ransom sum – which is represented in Bitcoin – is fixed, but it is likely to convert to around $700. At the time of research, victims of this malware were instructed to send this money to 12mdKVNfAhLbRDLtRWQFhQgydgU6bUMjay, but no transactions had been made to this Bitcoin wallet. Hopefully, that means that Windows users are not actively attacked by this malware or that they do not believe the promises introduced to them. If you believe that you would get a decryptor after paying the ransom and that all files with the “.sorryforthis” extension appended to their names could be decrypted using it, you are likely to be mistaken. Most likely, if you pay the ransom requested by Sorryforthis Ransomware creators, you will be left empty-handed.
Where is the .exe file that launched Sorryforthis Ransomware? If you know the location and name of this file, you will be able to remove the infection manually, if that is what you want. Alternatively, you can employ anti-malware software that can detect and remove Sorryforthis Ransomware automatically. We strongly recommend employing this tool because it will guarantee that all threats are eliminated and that your operating system is also protected against malware and invaders in the future. Once you delete the threat, hopefully, you can replace the corrupted files using backups stored online or on external drives. If that is not an option, make sure you change your habits in the future. Remember that as long as your personal files are backed up, no one will be able to terrorize you using them.