IT.Books Ransomware

Posted by Lisa Blanc on October 16, 2018

What is IT.Books Ransomware?

IT.Books Ransomware encrypts almost all files found on the computer, which is why some of the software might crash once the system gets infected, and data like images might become impossible to open. The cybercriminals behind this threat may offer their decryption tools for a particular price, but it seems to us it would be safer to restore enciphered data from backup copies. It would not cost you anything either. However, before attaching any removable devices or connecting to cloud storage where backup copies could be kept, it would be advisable to erase the malicious application first to be on the safe side. If you choose to follow our advice we encourage you to use the removal instructions available at the end of this report. On the other hand, if the process appears to be too complicated for you to complete on your own, you could get a legitimate antimalware tool and let it eliminate IT.Books Ransomware for you.testtesttest

Where does IT.Books Ransomware come from?

The research shows IT.Books Ransomware is being spread with suspicious data found on untrustworthy web pages. Usually, it is various setup files and updates, but in this case, it looks like the cybercriminals disguised the malicious application’s launcher to make it look like an eBook. In other words, the victim may think he is about to open an electronic book, but in reality, he would run a file carrying the infection in question. To avoid making the same mistake again, you should either avoid downloading untrustworthy material from the Internet or at least check it with a legitimate antimalware tool before launching it.

How does IT.Books Ransomware work?

It appears to be that IT.Books Ransomware was based on two separate threats known as Hidden Tear and Jigsaw Ransomware. The combination of them created a vicious application that encrypts not only private user’s data, but also executable files, which means some of the programs could get enciphered too. The only good news is the infection does not affect data belonging to the computer’s operating system, so the device itself should not crash. The reason the threat does not target data created by the operating system is that the cybercriminals need the computer to be bootable; otherwise, it would be more difficult to show a ransom note as well as for the user to pay a ransom.

Soon after IT.Books Ransomware enciphers files and marks them with the .fucked extension (e.g., image.jpg.fucked), it should display a window with a ransom note. It looks a lot like the ransom note displayed by Jigsaw Ransomware. Also, it threatens to delete encrypted files if the user does not pay a ransom. It would seem the malicious application should start by eliminating a few files and after a couple of days, it might begin to delete a thousand of them each day. Another thousand files could be removed from the computer if the infection’s window is closed and then relaunched. Of course, it does not matter if the data is erased or not if you do not have decryption tools.

Sadly, the tools cost around $600 and you cannot know if you will actually receive them. As you see the malware’s developers could easily take the transferred money without delivering what they promised. Under such circumstances, we would advise deleting the threat if you do not want to risk wasting your money for nothing.

How to erase IT.Books Ransomware?

One way to eliminate IT.Books Ransomware is to delete data associated with it manually. If you think you can manage, you could try to remove the infection while following the steps given at the end of this article. For less experienced users we could suggest acquiring a legitimate antimalware tool. Then scan the system with it and press the removal button to erase the infection along with other detected threats.

Get rid of IT.Books Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Identify the threat’s process.
  4. Choose this process and click End Task.
  5. Leave Task Manager.
  6. Tap Windows key+E.
  7. Navigate to the following paths:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Find the file that was placed when the device got infected.
  9. Right-click the malicious file and press Delete.
  10. Find a document called READ__IT.txt on your Desktop.
  11. Right-click it and select Delete.
  12. Lastly, go to %APPDATA%
  13. Look for a picture named ranx.jpg.
  14. Right-click it as well and press Delete.
  15. Close File Explorer.
  16. Empty your Recycle bin.
  17. Restart the system. 100% FREE spyware scan and
    tested removal of IT.Books Ransomware*

Stop these IT.Books Ransomware Processes:

IT.Books Ransom.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *