Sorry HT Ransomware

What is Sorry HT Ransomware?

If Sorry HT Ransomware has invaded your operating system and encrypted your personal files, there is most likely nothing left for you to delete, because this threat can erase itself once the attack is complete. The purpose of this infection is to demand a ransom, and since it can encrypt files, making this demand is very easy. If the victims of this malicious infection do not have their personal files backed up online or on external drives, recovering files is not possible without a decryptor and/or decryption key, and the creator of this infection might offer it for a price. This infection works exactly like Mole66 Ransomware, Gedantar Ransomware, L0cked Ransomware, and all other similar infections that our research team has reported quite recently. Unfortunately, ransomware is a group of malware that continues to grow. Although there are security measures that can be taken to protect files and operating systems against it, Windows users often fail to take care of their virtual security in time. We discuss this, as well as the removal of Sorry HT Ransomware, in this report.

How does Sorry HT Ransomware work?

Sorry HT Ransomware was created using well-known open-source code called “Hidden-Tear.” Once the code went public, hundreds of infections were created using it. Since these infections are built and distributed by different parties, it is hard to say how exactly they are spread, and several different methods could be employed. According to our research, many of them use corrupted, misleading spam emails to spread, which is why you need to be cautious about them. In many cases, the infections built using the Hidden-Tear code are dysfunctional, and that, in part, is due to the fact that even amateurs can use the code. Sorry HT Ransomware appears to be unfinished or poorly coded as well. When it works, it creates a point of execution (POE) in the Task Scheduler called “JohnCena.” After that, it generates an AES encryption key and starts corrupting files. It was found that the infection does not encrypt files in folders with these strings in their names: AppData, Application Data, intel, nvidia, ProgramData, Program Files, Program Files (x86), and Windows. Unfortunately, it can encrypt files everywhere else, and it appears that it can corrupt 250 different types of files, including different kinds of image, media, and document files. When they are encrypted, the “.sorry” extension is added to their names.

The ransom note by Sorry HT Ransomware is represented using a file named “How Recovery Files.txt.” The note introduces the victim to and email addresses, and they are pushed to email an ID number created for them to establish communication with cyber criminals. If they get an email from you, they can then send you a new demand to pay a ransom, and doing that is risky because, most likely, nothing would happen if you paid the money. Unfortunately, retrieving it after payment is not possible. In conclusion, if your files were corrupted, you are unlikely to be able to recover them. And files cannot be restored by deleting Sorry HT Ransomware. That being said, eliminating this malicious infection is extremely important, and we suggest doing that as soon as possible.

How to remove Sorry HT Ransomware

As mentioned earlier, Sorry HT Ransomware deletes itself. The infection creates a BAT file named “deleteMyProgram.bat.” This file deletes the computer’s shadow volume copies using the “vssadmin delete shadows /all /quiet \r\n” command. After that is done, the file initiates the removal of the point of execution (POE) in Task Scheduler, the original .exe file that launched the infection, and then itself. Unfortunately, we cannot say whether or not the devious Sorry HT Ransomware will remove itself in every case, which is why we created a guide that shows how to do this manually. Although it might be easy for you to erase this threat manually, you should consider installing anti-malware software. Even if the infection erased itself, you need to install anti-malware software because you need to protect your operating system. You also need to start backing up your personal files externally. If you had done that, you would not need to count the losses caused by the malicious Sorry HT Ransomware.

Removal Guide

    1. Find the {unknown name}.exe file that is the launcher of the ransomware.
    2. Right-click and Delete the file.
    3. Right-click and Delete the deleteMyProgram.bat file (should be found in the same location).
    4. Right-click and Delete all copies of the How Recovery Files.txt file.
    5. Launch Windows Explorer by tapping keys Win+E.
    6. Enter %WINDIR%\System32\Tasks into the bar at the top.
    7. Right-click and Delete the task named JohnCena.
    8. Enter %WINDIR%\Tasks into the bar at the top and then follow step 7.
    9. Empty Recycle Bin and then immediately scan your PC using a legitimate malware scanner.

Stop these Sorry HT Ransomware Processes:

SorryHT Ransomware.exe
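
The checks from the removal guide can also be run as a read-only sweep. The script below is an added example, not part of the original report: it looks for the file and task names given above and tells leftover components apart from damage that removal cannot undo. It goes beyond the guide by walking a whole directory tree, such as a mounted copy of the affected drive. The function names sweep, verdict and build_sample_tree are hypothetical, and the sample tree is constructed test data.

```python
import os
import tempfile

# Indicator names from the report; matched case-insensitively, as Windows does.
NOTE, BAT, TASK, EXT = "how recovery files.txt", "deletemyprogram.bat", "johncena", ".sorry"
TASK_DIRS = ("windows/system32/tasks", "windows/tasks")

def sweep(root):
    """Walk root without modifying it; return indicator paths grouped by kind."""
    hits = {"note": [], "cleanup_bat": [], "task": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).lower().replace(os.sep, "/")
        for name in files:
            low, full = name.lower(), os.path.join(dirpath, name)
            if low == NOTE:
                hits["note"].append(full)
            elif low == BAT:
                hits["cleanup_bat"].append(full)
            elif low.endswith(EXT):
                hits["encrypted"].append(full)
            # Task entries only count inside the two Tasks folders from the guide.
            elif os.path.splitext(low)[0] == TASK and rel.endswith(TASK_DIRS):
                hits["task"].append(full)
    return hits

def verdict(hits):
    """Separate leftover components from damage that cleanup cannot undo."""
    if hits["task"] or hits["cleanup_bat"]:
        return "components present: removal steps apply"
    if hits["note"] or hits["encrypted"]:
        return "files affected, components already gone"
    return "no indicators"

def build_sample_tree(root, self_deleted):
    """Constructed test data: empty files imitating an affected drive."""
    paths = ["Users/a/Documents/report.docx.sorry",
             "Users/a/Documents/How Recovery Files.txt",
             "Users/a/Documents/JohnCena.txt"]  # decoy outside the Tasks folders
    if not self_deleted:
        paths += ["Windows/System32/Tasks/JohnCena",
                  "Users/a/Downloads/deleteMyProgram.bat"]
    for p in paths:
        full = os.path.join(root, *p.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d, self_deleted=False)
        print(verdict(sweep(d)))
```

The second verdict corresponds to the case described at the top of the report, where the infection has already erased itself and only the encrypted files and ransom notes remain.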
