I wrote this article to help you remove Im Sorry Ransomware. This Im Sorry Ransomware removal guide works for all Windows versions.

The author of Im Sorry ransomware seems to be bothered by his conscience. At least, this is what he tries to make people believe. The virus we are talking about is a win-locker. Im Sorry ransomware encrypts users’ personal files and demands a payment to unlock them. Creating an application which performs such a task is indeed something to apologize for. The renegade developer has included his personal address in the program’s official announcement. Some win-lockers produce a ransom note in the form of a file, while others display a dialog box.

Im Sorry ransomware does both. The nefarious program drops a file titled Read me for help thanks.txt and displays a message which provides payment instructions. Both notifications begin and end with apologetic words, as the coder explains that the only reason for his actions is that he needs to make a living. He has gone as far as having the win-locker add the .imsorry file extension to the names of the encrypted objects. Most ransomware programs append a custom suffix to the original names of the targeted files, so this is nothing unusual. The choice of the win-locker’s name and the custom file extension is somewhat comical.

Like most infections of this type, Im Sorry ransomware gets distributed through spam emails. The secluded program travels merged with an attached file. The sender will describe the attachment as an important document, like a recommended letter, an invoice, a receipt, a bill, a fine, a contract, a bank statement, or a subpoena. The message will be addressed on behalf of a reputable organization. To make it appear legitimate, the spammer can include its official logo and contacts. Before opening an appended file, make sure the email is reliable. Check the account it was sent from. You can refer to the official website of the entity the sender claims to be representing.

Regardless what the developer of Im Sorry ransomware intends, the ultimate result is the same as with all other win-lockers. The affected user has most of his personal files encrypted. Im Sorry ransomware uses AES cryptography to render the code scheme of the targeted objects. The list of vulnerable file types encompasses 159 formats. You will lose access to your text documents, images, audios, videos, databases, archives and other storage objects. The insidious program will inform you that you have to pay a fee to regain access to your data.

The ransom has been set at $500 USD. Victims have 3 weeks to complete the payment. The person behind Im Sorry ransomware has not stated clearly what will happen if you do not pay in time, but he has suggested that the possibility to perform a decryption may be eliminated. The cyber criminal has registered a Bitcoin wallet for accepting ransom money. This is a smart move. Making a payment in this cryptocurrency is the safest way to transfer funds online. Most win-locker developers choose this payment method because Bitcoin trading platforms cannot track online transactions. This allows them to collect ransoms without risking to get caught.

After making a payment, the user should receive a decryption key. Of course, there are no guarantees when making a deal with a cyber thief. The owner of Im Sorry ransomware can collect the sum you have transferred and break all communication without sending you the key. Even if he does allow you to decrypt your files, he can have the win-locker launch another attack in time and lock them all over again. Be advised that performing a decryption will not result in uninstalling Im Sorry ransomware. Removing the rogue program is a completely different process. We advise you to eradicate the virus and restore your files on your own terms. There are instructions on how to do so below.

Im Sorry Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Im Sorry Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
2. Install ShadowExplorer
3. Open ShadowExplorer and select C: drive on the left panel
4. Choose at least a month ago date from the date field
5. Navigate to the folder with encrypted files
6. Right-click on the encrypted file
7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

1. Go to Start –> All programs –> Accessories –> System tools –> System restore
2. Click “Next“
3. Choose a restore point, at least a month ago
4. Click “Next“
5. Choose Disk C: (should be selected by default)
6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Im Sorry Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

1. Recuva
2. Puran File Recovery
3. Disk Drill
4. Glary Undelete