Ransomware Tracker (Entry #338): Sorry Worm

On April 27, 2026 a Golang ransomware-worm dubbed **Sorry Worm** was observed on VirusTotal; it encrypts files (AES+RSA), appends the '.sorry' extension, and automatically exploits a widespread critical cPanel vulnerability (CVE-2026-41940) to achieve RCE and propagate across networks via embedded SSH brute-forcing and scanner toolkits—researchers produced multi-part analyses and victims were identified using the ransom note Tox ID and internet-wide search engines.