IT.Books Ransomware might not look like much, but it is a dangerous computer infection. It is a ransomware program, and it can easily encrypt your files. It means that it scrambles the byte information within the file, and the system can no longer read it. Then this program says that you can restore your files if you pay the ransom fee. However, rather than paying anything to these criminals, you need to remove IT.Books Ransomware for good, and then look for other ways to restore your files. There are usually quite a few options, so if you are not sure where to start, feel free to address a professional.
Our research team says that this program is coded in the .NET programming language, and this program looks quite a lot like a Frankenstein. What we mean is that the code for this program comes from different places: pieces of the code were borrowed from the Jigsaw Ransomware and the Hidden Tear Ransomware programs. What does it mean? It means that IT.Books Ransomware might exhibit a list of behavioral symptoms that are common to both Jigsaw Ransomware and Hidden Tear Ransomware. However, it doesn’t really tell us how to decrypt the files affected by this infection because each program comes with a unique decryption key.
Of course, it would be perfect if users could avoid IT.Books Ransomware altogether. Normally, ransomware infections come with spam. The installer files for ransomware programs masquerade as legitimate documents and users do not think twice before opening them. For instance, the installer file for IT.Books Ransomware pretends to be an e-book. The file that carries the infection comes with the IT-ebooks description, and the product name is IT.Books, so users who are not used to dealing with such threats might not even realize that something is off.
How is it possible to tell fake emails apart from the real ones? Phishing emails that steal personal information and distribute malware usually carry an urgent message. This message tries to push you into taking action immediately. So if you do not recognize the sender, but the message says that you have to do something at once, you would do yourself a favor by scanning the attached file with the security tool of your choice. If the program deems the file safe, you can open it. If not, you will probably have dodged a terrible bullet.
When IT.Books Ransomware encrypts target files, it adds “.fucked” to the filename, so you will know immediately which files were affected by this ransomware. On the other hand, it is safe to say that most of the personal files will be encrypted because this infection skips only the Windows system files. When the encryption is complete, it displays a ransom note that says you have to pay $600 worth of Bitcoin to get your files back. It also changes your desktop background into a dark picture that says the following:
YOUR COMPUTER HAS BEEN LOCKED!
Your documents, photos, databases and other important files have been locked with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt ypur files until you pay and obtain the private key.
Follow the instruction to get the Decryption key!
Since IT.Books Ransomware was released quite a while ago, it is very likely that the main server is down, and they can no longer issue the decryption key. However, even if it were possible to get it, paying the ransom is never a good idea. Simply remove IT.Books Ransomware right now, and then go through all your other devices. Maybe you have copies of your files saved somewhere else.
# | File Name | File Size (Bytes) | File Hash |
---|---|---|---|
1 | IT.Books Ransom.exe | 970240 bytes | MD5: 98a9d3fe8f64e5d34d143ed5a6b73eb0 |
2 | READ__IT.txt | 270 bytes | MD5: 2dbafff7214e9fa9ec3b53ca7412c16a |
3 | ranx.jpg | 52305 bytes | MD5: 6d13812d8d14cc8f8de34998aa413b59 |
# | Process Name | Process Filename | Main module size |
---|---|---|---|
1 | IT.Books Ransom.exe | IT.Books Ransom.exe | 970240 bytes |