1 of 3
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

IT.Books Ransomware

IT.Books Ransomware is a malicious program made while borrowing code from threats like Jigsaw Ransomware and an open source file-encrypting application called Hidden Tear. According to our researchers, it encrypts most of the data located on the infected computer, so the malware’s victims could lose a considerable amount of files. Moreover, it might not only encrypt the files but also delete them bit by bit until the user pays a ransom. Unfortunately, the hackers ask quite a lot as the displayed ransom note mentions the user has to pay around 600 US dollars in Bitcoins. Needless to say, we would not recommend risking such a sum when there are no guarantees the malicious application’s developers will deliver needed decryption tools. Therefore, our advice would be to get rid of IT.Books Ransomware from your computer. To find instructions on how to erase the threat manually you could scroll below this article, but if you wish to learn more about the infection, you should read the text first.

Our researchers learned the malware might be spread via malicious files that look like e-books. For example, the sample we came across was titled IT.Books and its description said IT-eBooks. This makes us think, IT.Books Ransomware might be distributed among users who like to read digital books and search for them on unreliable web pages. Because of this we would recommend being extra cautious when downloading files from doubtful sources. The truth is it is safest to stay away from such sites. Additionally, it might be a good idea to acquire a reliable antimalware tool of your choice. Such a tool could warn you about possibly dangerous content or even stop it from harming the system and data located on it.

It seems IT.Books Ransomware starts encrypting files right after its launch and once it finishes all targeted data should have an additional .fucked extension, for example, flowers.jpg.fucked. Next, the malicious application is supposed to change the user’s Desktop image with a picture containing a message from the threat’s developers. It starts with a sentence saying “YOUR COMPUTER HAS BEEN LOCKED!” written in red capital letters. Below it users should see a picture of a pirate’s skull and a short text saying it is possible to decrypt user’s files, but for this, he needs to get a private decryption key from the hackers.

Further and more detailed instructions should be located on IT.Books Ransomware’s ransom note which ought to be displayed on a pop-up window. At first, the note should explain the malware will keep deleting encrypted files until the malware’s developers receive payment to the provided Bitcoin wallet. Besides losing more and more data every day the ransom is not paid, the note says the threat will erase 1000 files if the user closes the pop-up window. However, it is told the data will be deleted only when the user relaunches it, so if the malicious application is removed right away, it should be unable to erase anything.

The problem is even if you get to keep the encrypted files they will still be useless without a private decryption key and a decryptor. Nonetheless, we would advise against paying the ransom. The hackers promise to send the private decryption key soon after receiving payment, but there is not knowing if they will do it or if they will still have it. Thus, if you do not want to risk losing 600 US dollars in vain, we would recommend removing IT.Books Ransomware with no hesitation.

There are a couple of ways to deal with this malware. First of all, you could try to get rid of it manually while completing the steps provided in the instructions placed below. The task might not be easy for some users in which case we recommend downloading a reliable antimalware tool instead. Simply start a system scan and wait till IT.Books Ransomware and other possible threats are identified. Then press the provided removal button and eliminate all detections at once.

Erase IT.Books Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the malware’s process.
  4. Select the suspected process and press End Task.
  5. Leave the Task Manager.
  6. Click Win+E.
  7. Find these locations:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Look for the malware’s installer, then right-click it and press Delete.
  9. Search for this location %APPDATA%
  10. Find a file called ranx.jpg, right-click it and press Delete.
  11. Go back to the Desktop folder.
  12. Locate READ__IT.txt, right-click the document and select Delete.
  13. Exit File Explorer.
  14. Empty Recycle bin.
  15. Restart the system.
Download Spyware Removal Tool to Remove* IT.Books Ransomware
  • Quick & tested solution for IT.Books Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.