Imsorry Ransomware

What is Imsorry Ransomware?

A new extension .imsorry appended next to original extensions of your files indicates that Imsorry Ransomware has slithered onto your computer and done its job. That is, it has encrypted your pictures, documents, text files, music, and videos so that it could extract money from you. Since the only goal of this infection is to make users send money to its developer, do not be surprised that a window demanding a ransom is opened on your Desktop after the encryption of files. A new .txt file (Read me for help thanks.txt) is also dropped on the computer to inform you about the encryption of files and tell you what you can do to get their files back. Although you badly need to access your files, you should not send cyber criminals money because you might be left without anything. That is, you will lose not only your files (it is because it might still be impossible to unlock them after making a payment to cyber criminals), but also your money. What we expect you to do instead is to remove Imsorry Ransomware from the system the second you encounter it. It needs to be removed ASAP to disable it and make sure that it cannot encrypt any new files.

What does Imsorry Ransomware do?

Imsorry Ransomware is a threat developed in May, 2017, so only one version of this infection should exist. It performs a scan to find the most valuable files and then encrypts them using the AES encryption algorithm. After locking users’ files, this infection appends a new extension .imsorry to them all. Original names and extensions are not changed, so encrypted files have such a format: myfavoritesong.mp3.imsorry. A window “Im Sorry” is launched after the encryption of files on victims’ Desktops as well. The first sentence it contains informs users about the condition of their files: “Hello, I hate to inform you but your files have been encrypted.” Then, users are explained how they can purchase Bitcoins and buy the decryption key from cyber criminals. Like other threats demanding money, the size of the ransom it asks users to pay is quite high – it demands 500 USD in the Bitcoin currency. Only three weeks are given to make a payment. Without a doubt, cyber criminals do not want users to find a free way to delete Imsorry Ransomware and get files back, so the time given to make a payment is limited. Users should not give malware developers a cent, specialists at anti-spyware-101.com say. According to them, it is not a clever idea to do that because they have no guarantees that the key will be provided for them and they could unlock their files. There is one group of people who do not need to worry about the decryption of files because they could do that easily after removing Imsorry Ransomware. These are users who back up their files periodically. Are you one of them? If the answer is yes, delete the ransomware infection from your PC and go to recover your files. If you are not one of these users, you should wait for the decryption tool to be released by researchers specializing in cyber security. We cannot promise that it will be developed soon though.

Where does Imsorry Ransomware come from?

The distribution of Imsorry Ransomware is still a mystery to us because this threat is not very prevalent at present. Although there is not much information about methods used to disseminate it, it is very likely that it does not differ from other ransomware infections in this sense too. Researchers are 99% sure that this infection is spread via spam email campaigns too. Also, it might be available on dubious pages, e.g. file-sharing websites. Specifically speaking, users might download it from the web without even realizing that. Since it is not always easy to recognize and prevent malware from entering the system, our security specialists recommend installing a security application, e.g. SpyHunter. You will be safe as long as you keep this tool active.

How to delete Imsorry Ransomware

Although Imsorry Ransomware is not one of those ransomware infections which make a bunch of modifications on victims’ computers, many users still find its removal quite a challenging task because they need to find and erase the executable file of this threat from their PCs. It might be located anywhere, but the highest chance to find it is in these three directories: %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop. If the malicious file cannot be found anywhere, search for it using an automatic tool. It will find it for you and delete other components of ransomware, if you allow it.

Imsorry Ransomware removal guide

1. Tap Ctrl+Alt+Del.
2. Start Task Manager.
3. Click on the Processes tab and kill all suspicious processes.
4. Close the Task Manager and launch the Windows Explorer (press Win+E).
5. Visit the following directories one by one and remove all suspicious files you find there: %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop.
6. Empty the Recycle bin. Download Removal Tool100% FREE spyware scan and
   tested removal of Imsorry Ransomware*