IT.Books Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

IT.Books Ransomware might not look like much, but it is a dangerous computer infection. It is a ransomware program, and it can easily encrypt your files. This means that it scrambles the bytes of each file so that the system can no longer read it. The program then claims that you can restore your files if you pay the ransom fee. However, rather than paying anything to these criminals, you need to remove IT.Books Ransomware for good, and then look for other ways to restore your files. There are usually quite a few options, so if you are not sure where to start, feel free to consult a professional.

Our research team says that this program is coded in the .NET programming language, and this program looks quite a lot like a Frankenstein. What we mean is that the code for this program comes from different places: pieces of the code were borrowed from the Jigsaw Ransomware and the Hidden Tear Ransomware programs. What does it mean? It means that IT.Books Ransomware might exhibit a list of behavioral symptoms that are common to both Jigsaw Ransomware and Hidden Tear Ransomware. However, it doesn’t really tell us how to decrypt the files affected by this infection because each program comes with a unique decryption key.

Of course, it would be perfect if users could avoid IT.Books Ransomware altogether. Normally, ransomware infections arrive with spam emails. The installer files for ransomware programs masquerade as legitimate documents, and users do not think twice before opening them. For instance, the installer file for IT.Books Ransomware pretends to be an e-book. The file that carries the infection comes with the IT-ebooks description, and the product name is IT.Books, so users who are not used to dealing with such threats might not even realize that something is off.

How is it possible to tell fake emails apart from the real ones? Phishing emails that steal personal information and distribute malware usually carry an urgent message. This message tries to push you into taking action immediately. So if you do not recognize the sender, but the message says that you have to do something at once, you would do yourself a favor by scanning the attached file with the security tool of your choice. If the program deems the file safe, you can open it. If not, you will probably have dodged a terrible bullet.

When IT.Books Ransomware encrypts target files, it adds “.fucked” to the filename, so you will know immediately which files were affected by this ransomware. On the other hand, it is safe to say that most of the personal files will be encrypted because this infection skips only the Windows system files. When the encryption is complete, it displays a ransom note that says you have to pay $600 worth of Bitcoin to get your files back. It also changes your desktop background into a dark picture that says the following:

YOUR COMPUTER HAS BEEN LOCKED!

Your documents, photos, databases and other important files have been locked with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt ypur files until you pay and obtain the private key.

Follow the instruction to get the Decryption key!

Since IT.Books Ransomware was released quite a while ago, it is very likely that the main server is down and that its operators can no longer issue the decryption key. However, even if it were possible to get it, paying the ransom is never a good idea. Simply remove IT.Books Ransomware right now, and then go through all your other devices. Maybe you have copies of your files saved somewhere else.

How to Delete IT.Books Ransomware

  1. Press Ctrl+Shift+Esc and launch Task Manager.
  2. Click the Processes tab and mark malicious processes.
  3. Press End Process and close Task Manager.
  4. Delete the most recent files and READ__IT.txt from Desktop.
  5. Open the Downloads folder and delete the most recent files.
  6. Press Win+R and enter %TEMP%. Press OK.
  7. Delete the most recent files.
  8. Press Win+R and type %APPDATA%. Press OK.
  9. Delete the ranx.jpg file and run a full system scan with SpyHunter.


IT.Books Ransomware technical info for manual removal:

Files Modified/Created on the system:

| # | File Name | File Size (Bytes) | File Hash |
|---|-----------|-------------------|-----------|
| 1 | ranx.jpg | 52305 bytes | MD5: 6d13812d8d14cc8f8de34998aa413b59 |
| 2 | READ__IT.txt | 270 bytes | MD5: 2dbafff7214e9fa9ec3b53ca7412c16a |
| 3 | IT.Books Ransom.exe | 970240 bytes | MD5: 98a9d3fe8f64e5d34d143ed5a6b73eb0 |

Memory Processes Created:

| # | Process Name | Process Filename | Main module size |
|---|--------------|------------------|------------------|
| 1 | IT.Books Ransom.exe | IT.Books Ransom.exe | 970240 bytes |
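
The manual removal steps and the file and process details above can be checked in one pass. The following PowerShell sweep is an added example, not part of the original guide or of any vendor tool: it only reports matches and deletes nothing, and it assumes the Downloads folder is at its default location under the user profile.

```powershell
# Added example: read-only sweep for the indicators this page lists. Deletes nothing.
# MD5 -> expected file name, copied from the file table on this page.
$KnownMd5 = @{
    '6d13812d8d14cc8f8de34998aa413b59' = 'ranx.jpg'
    '2dbafff7214e9fa9ec3b53ca7412c16a' = 'READ__IT.txt'
    '98a9d3fe8f64e5d34d143ed5a6b73eb0' = 'IT.Books Ransom.exe'
}
$KnownNames = @($KnownMd5.Values)
$KnownSizes = 52305, 270, 970240          # bytes, from the same table

# Folders named in the removal steps.
$Roots = @(
    [Environment]::GetFolderPath('Desktop')
    (Join-Path $env:USERPROFILE 'Downloads')   # assumption: default Downloads location
    $env:TEMP
    $env:APPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($KnownNames -contains $_.Name) -or ($KnownSizes -contains $_.Length) } |
        ForEach-Object {
            # Hash only candidates (name or size match) to keep the sweep fast.
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            $md5 = if ($h) { $h.Hash.ToLower() } else { $null }
            $hashHit = $md5 -and $KnownMd5.ContainsKey($md5)
            $nameHit = $KnownNames -contains $_.Name
            # Size-only candidates are dropped; name-only matches are listed for manual review.
            if ($nameHit -or $hashHit) {
                [pscustomobject]@{
                    Match = if ($hashHit) { 'MD5' } else { 'name only' }
                    Size  = $_.Length
                    MD5   = $md5
                    Path  = $_.FullName
                }
            }
        }
}

# Process listed in the table (Get-Process takes the name without .exe).
$proc = Get-Process -Name 'IT.Books Ransom' -ErrorAction SilentlyContinue
# Files carrying the extension the page says is appended after encryption.
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -File -Recurse -Force -Filter '*.fucked' -ErrorAction SilentlyContinue)

$findings | Format-Table -AutoSize -Wrap
if ($proc) { $proc | Select-Object Id, ProcessName, Path | Format-Table -AutoSize }
Write-Host "Artifacts: $(@($findings).Count)  Process running: $([bool]$proc)  '.fucked' files: $($encrypted.Count)"
```

Run it in a normal PowerShell session as the affected user; an MD5 match identifies a listed file even if it has been renamed.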
