.Sorry File Virus Removal (File Recovery Included)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove .Sorry File Virus for free. Our instructions also cover how many .Sorry files can be recovered.

A new Ransomware threat known as .Sorry File has been spreading online and encrypting user’s files with a new encryption algorithm. Many users, who have become victims of this malware, reached out to us with requests to help them deal with the infection. That’s why we came up with this new article on how to remove .Sorry File from your computer. Below you will find a removal guide, which contains detailed instructions that will help you find the harmful files in your system and manually delete them. However, before you do that, we suggest you familiarize yourself with the specifics of this Ransomware, its methods of distribution and the possible measures you can take to prevent such threats in the future.

.Sorry File

.Sorry File Virus

.Sorry Ransomware – a new “cyber blackmailing” threat on the horizon

As a new addition to the Ransomware family, .Sorry comes packed with new malicious abilities. This cryptovirus is able to lock your entire OS or specific file types with a new and complex encryption algorithm. It is impossible to access the files once they have been locked and if you attempt to open them a simple error message will appear on your screen. This is done with the sole aim of keeping your data hostage until you pay a huge amount of money in the form of ransom. The crooks usually promise to send you a decryption key that may bring your files to normal, once they receive their money. Unfortunately, many victims fall into the trap of fulfilling their requirements and agree to pay the ransom. The more people pay, however, the more they help this type of threats become popular and a very profitable “business model” for criminal circles.

Distribution methods of .Sorry

.Sorry is a very sophisticated threat. It spreads online in various ways and infects users mostly by tricking them into clicking on seemingly harmless types of content and applications. This is usually done with the help of a Trojan horse infection, which creates vulnerabilities inside the victim’s system. Such malicious payload could be distributed through spam emails, compromised websites, fake ads, misleading links, different file attachments, torrents and whatnot.

What are the symptoms?

What is very cunning about this malware is that it is very hard to be detected before it infects you. A single click on the wrong file may unknowingly activate the file encryption process and the virus will remain unnoticed until all the targeted data has been locked. However, once it is done with its malicious deeds, .Sorry will reveal itself on the victim’s screen with a ransom note. This note usually contains a message from the hackers, who inform you about the encryption that has taken place. You can also find exact instructions on how to make the payment of the requested ransom, which is normally asked in Bitcoins. A deadline may be given to you in order to press you to act impulsively.

What options do you have when you get infected with .Sorry ransomware?

With no doubt, facing such threats is a frustrating experience, however getting panicked won’t help you deal with it adequately. When you are dealing with unscrupulous cyber criminals, you should know that they may use various methods to apply pressure to you in order to make you fulfill their demands. However, acting out of stress won’t be the best you could do in such a situation. If you are hesitant about giving your hard earned money to a group of crooks, we should warn you that there is no guarantee you will get what you will pay for. Many security experts advise victims of Ransomware not to pay a cent, because this way they only help this type of threats become a more popular scheme of making quick money. Not only might you not get the promised decryption key, but it may turn out to be a really bad deal, which can leave you with your data locked forever. You have another option, though. In case you don’t want to rely on the mercy of the hackers, you can take the initiative in your own hands and remove .Sorry and all its traces from your computer. We have created the removal guide below with that idea, and we won’t ask a penny from you for it. Simply follow the instructions and you may even be able to restore some of your encrypted files with the help of the tips we have included in the guide.


Name .Sorry
Type Ransomware
Danger Level High (Ransomware are by far the worse threat you can encounter)
Symptoms  A ransom note appears on the victim’s screen once the encryption is completed.
Distribution Method  A sophisticated threat that distributes itself through Trojan horse infections, spam emails, compromised websites, fake ads, misleading links, different file attachments and torrents.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

.Sorry File Virus Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with .Sorry

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Did we help? Share your feedback with us so we can help other people in need!

Leave a Comment