Remove 0000-SORRY-FOR-FILES Ransomware (.weapologize)

By | Posted on March 30, 2018 | Updated on May 19, 2018

0000-SORRY-FOR-FILES ransom virus is dubbed by computer security experts as SamSam or Samas. It open attack computers with open connections of RDP (Remote Desktop Protocol). This virus breaks into the computer by brute forcing the RDP endpoints and lock target files on the computer. Same with most ransomware, 0000-SORRY-FOR-FILES uses the affected computer to spread a copy of itself using victim’s address book and SMTP protocol.

All files affected by this ransom virus will have the .weapologize extension. In order to recover encrypted files, users are oblige to pay 0.7 Bitcoins ($6,800 at present rate) per PC, or 3 Bitcoins to receive all the private keys for affected computers. These instructions are provided on the ransom notes 0000-SORRY-FOR-FILES.html, which reads:

All your files are encrypted with RSA-2048 encryption. For more information search in Google ‘RSA Encryption.’

RSA is asymmetric cryptographic algorithm. You need one key for each encryption and one key for decryption. So you need Private Key to recover your files. It’s not possible to recover your files without Private Key.

You can get your Private Key in 3 easy steps:
Step 1: You must send us 0.7 Bitcoin for each affected PC or 3 Bitcoin to receive all Private Keys for all affected PC’s.
Step 2: After you send us 0.7 Bitcoin, leave a comment on our site with this detail: Just write your ‘Host Name’ in your comment…

0000-SORRY-FOR-FILES

It is noticed that 0000-SORRY-FOR-FILES ransomware is targeting city councils, industrial control systems, hospitals, and even individuals. The only way to stay away from this threat is by securing RDP with a strong password or simply disable this connection if not needed. In addition, it is vital to shield the computer with effective anti-malware tool that provide real-time protection.

How to Remove 0000-SORRY-FOR-FILES

Ransomware files are placed deeply into the system and on various locations, thus, thorough scanning is vital to totally remove 0000-SORRY-FOR-FILES virus. Aside from our suggested tool, you may also run your own security program.

Though affected files may be impossible to decrypt due to complexity of the encryption, you can still try recovery method like Shadow Explorer or Previous Version as described below.

Stage 1: Scan the computer with Anti-malware Program

1. Download the free anti-malware scanner called MalwareBytes Anti-Malware.
Malwarebytes Anti-Malware Download Link (this will open a new window)

2. After downloading, install the program. It may run automatically or you have to double-click on the downloaded file MB3-Setup.exe.

3. Proceed with the installation using only the default setup. If you need the complete setup procedure, it is available on the download page.

4. At the last stage of installation process, click Finish to run the program.

5. On Malwarebytes Anti-Malware console, select Scan from the menu to see available Scan Method.

6. Next, click on Threat Scan. This is the most comprehensive scan method that will surely find any hidden items linked to 0000-SORRY-FOR-FILES.

7. Click Start Scan button to begin checking the computer.

MBAM-threatscan

8. When scanning is done, Malwarebytes Anti-Malware will display the list of identified threats. Remove all identified threats and restart the computer to finalized the scan process.

Stage 2: Double-check for 0000-SORRY-FOR-FILES’s leftover with Microsoft’s Malicious Software Removal Tool

1. Download the free scanner called Malicious Software Removal Tool.
Malicious Software Removal Tool Download Link (this will open a new window)

download-msrt

2. The tool automatically checks the operating system and suggest appropriate download version. Click on Download button to begin. Save the file to a convenient location, preferably on Desktop.

3. After downloading the file, Windows will prompt that download has completed. Click Run to start scanning for 0000-SORRY-FOR-FILES. Another option is to browse the location folder and double click on the file to run.

msrt-icon

4. The tool will display Welcome screen, click Next. Please note the message “This tool is not a replacement for an antivirus product.” You must understand that this program is made specifically to find and remove malware, viruses, Trojans, and other harmful elements on the computer. It was not designed to protect the computer.

msrt1

5. Next, you will see Scan Type. Please choose Full Scan to ensure that all 0000-SORRY-FOR-FILES virus entities and other harmful files left on the computer will be found and removed. For advanced computer user, you can opt for Customized Scan, if there are other drives or folders you wanted to include in this scan.

msrt2

6. Full scan may take a while, please wait for Malicious Software Removal Tool to complete the tasks. However, you may cancel the scan anytime by clicking on the Cancel button.

msrt3

7. After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. Please remove/delete all detected items.

8. When removal procedure is complete, you may now close Malicious Software Removal Tool. We hope that 0000-SORRY-FOR-FILES have been completely deleted from the computer. Please restart Windows to proceed with the normal operation.

Stage 3 : Unlocking files with 0000-SORRY-FOR-FILES Key

We will update this portion once 0000-SORRY-FOR-FILES Private Key is available. For the meantime, please try the following options to restore your files.

Option 1: Windows Previous Version Tool

Windows Vista and Windows 7 have a feature called Previous Versions. However, this tool is only usable if restore point was made prior to 0000-SORRY-FOR-FILES virus infection. To use this tool and recover files affected by the virus, please follow these steps:

1. Open My Computer or Windows Explorer.

2. Right-click on the affected files or folders. From the drop-down list, please click on Restore previous versions.

3. New window will open display all backup copy of files and folders you wanted to recover. Choose the appropriate file and click on Open, Copy, or Restore. Restoring selected files overwrites the current encrypted files on the computer.

Option 2: Use ShadowExplorer to restore files encrypted by 0000-SORRY-FOR-FILES

Just like Previous Version tool, ShadowExplorer is taking advantage of shadow copy created by Windows. This tool allows you to retrieve older version of files before it was encrypted by 0000-SORRY-FOR-FILES.

1. Download ShadowExplorer from the official web site.

2. Install the program with the default settings.

3. The program should run automatically after installation. If not, double-click on ShadowExplorer icon.

4. You can see the drop-down list on top of the console. Please select proper drive and the most recent point-in-time shadow copies of files you wish to restore prior to 0000-SORRY-FOR-FILES infection.

shadow3

5. Right-click on the Drive, Folder, or File you wish to restore and click Export…

6. Lastly, ShadowExplorer will prompt for location where you want to save the copy of recovered files.

Leave a Reply

Your email address will not be published. Required fields are marked *