Imsorry Ransomware Removal Guide

Do you know what Imsorry Ransomware is?

Imsorry Ransomware is a ransomware-type infection discovered by our malware researchers at the end of May 2017. Since it is a new threat, it is too early to talk about its popularity. At the time of writing it is not a prevalent threat, but cyber criminals might start distributing it more actively in the future, and it might then show up on thousands of computers. If you are reading this article not to learn about a recently developed ransomware but because Imsorry Ransomware has already infiltrated your computer and locked your files, we have only one piece of advice for you: remove the ransomware infection from your PC as soon as possible.

You will be told that you need to pay a ransom of 500 USD in Bitcoin to get the decryption key, and that the key will be deleted permanently if a payment is not made within 3 weeks. We know that you need your files back and do not want to lose them forever; however, we still cannot recommend sending money to cyber criminals, because there are no guarantees that the key will be sent to you or that it will unlock your files. If it is not sent, you will not get your money back. Therefore, according to our experienced specialists, it would be smart to remove Imsorry Ransomware first and then try to find an alternative way to decrypt files. Unfortunately, we cannot promise that you will get your files back.

Certain threats are put in the category of ransomware because they do what it takes to obtain money from users. Imsorry Ransomware is one of them, so the first thing it does when it successfully enters a system is search for MS Office files, photos, music, videos, archives, etc. To put it differently, it finds where the user's most valuable files are located and then encrypts them all with the AES (Advanced Encryption Standard) cipher. The files it encrypts receive a new extension, .imsorry, so it soon becomes clear which files have been locked. Right after encrypting the user's personal data, it opens a window on the Desktop (it can be easily closed) and drops a .txt file (Read me for help thanks.txt) with the same message on the Desktop. Users who read the message in the Im Sorry window or inside the .txt file find out that the only solution offered is sending money to cyber criminals, i.e. purchasing the decryption key from them. Three-step instructions are provided too: 1) create a Bitcoin account; 2) purchase 500 USD worth of Bitcoin; 3) send the payment to the BTC address provided below. In addition, victims are told to submit the Bitcoin address in the box at the bottom of the window so that cyber criminals could validate a payment. As mentioned above, our experienced specialists do not think that paying money to cyber criminals is a brilliant idea, because your money might be taken from you and you might get nothing in exchange. Because of this, instead of rushing to make a payment you should try out all free data recovery methods that do not need the key cyber criminals claim to have. For instance, files can be easily recovered from a backup.

Specialists distinguish two methods commonly used to distribute ransomware infections. First, they might be distributed as attachments in spam emails. Of course, nobody tells users that malicious software will enter their systems and encrypt files. In fact, these malicious attachments are usually presented as important documents, which is why users fearlessly open them and get infected with ransomware. Second, research has shown that users can download Imsorry Ransomware from dubious websites too. Of course, they expect to get beneficial software when they click on the Download button. As can be seen, ransomware infections might be very sly threats.

Imsorry Ransomware is not the kind of threat that makes modifications in the system registry, creates copies of itself in order not to be removed easily by users, or blocks system utilities such as the Task Manager, so its removal should not be extremely hard to complete. Of course, we still recommend consulting our manual removal guide.

Delete Imsorry Ransomware

  1. Press Ctrl+Shift+Esc simultaneously to open the Task Manager.
  2. Open the Processes tab.
  3. Find suspicious processes and kill them all.
  4. Close the Task Manager and open Windows Explorer (Win+E).
  5. Delete recently downloaded files from %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop.
  6. Empty the Recycle Bin.
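
Before deleting anything in step 5, it helps to see what is actually there. The PowerShell script below is an added example, not part of the original guide: it is read-only, lists recently created files in the three step-5 folders with their SHA-256 hashes, counts files carrying the .imsorry extension, and checks for the ransom note. The 7-day look-back ($Days) is an assumption; the paths, extension and note name are the ones given in this guide.

```powershell
# Added example: read-only triage for the indicators this guide names.
# It lists and counts; it never deletes. Review the output, then clean up by hand.
param(
    [int]$Days = 7   # assumption: how far back "recently downloaded" reaches
)
$cutoff = (Get-Date).AddDays(-$Days)

# Locations from step 5 of the guide (top level only, no recursion).
$dropDirs = @(
    $env:TEMP
    (Join-Path $env:USERPROFILE 'Downloads')
    (Join-Path $env:USERPROFILE 'Desktop')
)

# Recently created files that are not themselves encrypted output.
$recent = foreach ($dir in $dropDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff -and $_.Extension -ne '.imsorry' } |
            Select-Object FullName, CreationTime, Length, @{
                Name       = 'SHA256'   # hash to look up or submit to a scanner
                Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash }
            }
    }
}

# Scope of the damage: files carrying the .imsorry extension.
$locked = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -Filter '*.imsorry' -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.imsorry' })

# Ransom note name as given in the guide.
$note = Join-Path $env:USERPROFILE 'Desktop\Read me for help thanks.txt'

"Ransom note on Desktop : $(Test-Path -LiteralPath $note)"
"Encrypted files found  : $($locked.Count)"
$locked | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
"Files created since $cutoff in TEMP, Downloads and Desktop:"
$recent | Sort-Object CreationTime -Descending | Format-List
```

Keep the .imsorry files themselves: they are the only copy of the encrypted data if a recovery method becomes available later.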

In non-techie terms:

Imsorry Ransomware can be removed from browsers manually, but it is still highly recommended to perform a system scan with an automatic scanner after its deletion because other malicious applications could have entered your computer together with it as well. Some of them might be developed to work in the background silently, so it might not be a piece of cake to detect and remove them. Because of this, you should use an automatic tool. It will need only a few seconds to find malicious software/malicious components on your computer.