
IT.Books Ransomware

Posted: September 18, 2018

The IT.Books Ransomware is a file-locker Trojan that uses components of both Hidden Tear and the Jigsaw Ransomware. It locks your files by encrypting them automatically and may also delete content. Users seeing pop-ups or other symptoms of this Trojan should have their anti-malware programs isolate or erase the IT.Books Ransomware immediately, before restoring from a backup or using other, free recovery options.

The e-Book that Turns into an Evil Puppet on the First Page

A creative threat actor is combining the file-deleting Jigsaw Ransomware's notorious pop-up with the efficient features of Utku Sen's free Hidden Tear program to launch a new campaign of blocking data for ransom payments. The IT.Books Ransomware's file metadata disguises it as a resource for e-Book readers. This tactic is typical of file-locking Trojans whose campaigns rely on torrents or corrupted, free-download websites to compromise victims at random.

Malware analysts have yet to validate whether or not the IT.Books Ransomware includes the Jigsaw Ransomware's file-deleting feature (which triggers whenever the program restarts, such as on a reboot, as well as on a looping timer). However, the IT.Books Ransomware does launch an almost identical version of the Jigsaw Ransomware's pop-up, which features the Saw movie franchise's puppet mascot, along with Bitcoin ransom-processing instructions, a decryption UI and contact details for the threat actors. By contrast, most of the IT.Books Ransomware's internal code is from Hidden Tear.

Hidden Tear is unrelated to the Jigsaw Ransomware and, importantly, lacks any advanced, file-deleting functions. However, the IT.Books Ransomware does encrypt and lock files in the same fashion as Hidden Tear, which may or may not be reversible by freeware decryption tools. Users can identify the blocked media by searching for the '.fucked' extension that the IT.Books Ransomware appends; documents, pictures, archives, audio, and spreadsheets are all likely targets.

Shutting the Book on the IT.Books Ransomware's Finances

Since not all of the IT.Books Ransomware's payload has received a full analysis from malware experts and other threat researchers, users should assume that encryption isn't necessarily the only damage it can cause. Avoid restarting your computer without first taking steps to override the IT.Books Ransomware's startup routine, such as booting directly from a USB device so that the compromised Windows Registry's default startup entries are bypassed. Copy the encrypted files before testing them with free unlocking services, which do exist for both the Jigsaw Ransomware and Hidden Tear families.
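The two recovery steps above, locating the files that carry the appended '.fucked' extension and copying them aside before any decryptor is tried, can be scripted. The following is an added example, not code from the original write-up or from any vendor tool; the directory layout and file contents in demo() are constructed sample data, not real encrypted files.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Extension the write-up reports the IT.Books Ransomware appending to locked files.
LOCKED_EXT = ".fucked"


def find_locked_files(root, ext=LOCKED_EXT):
    """Walk `root` and return (sorted) paths of files carrying the ransomware's extension."""
    return sorted(p for p in Path(root).rglob("*") if p.is_file() and p.name.endswith(ext))


def original_name(path, ext=LOCKED_EXT):
    """Strip the appended extension to recover the pre-encryption file name."""
    return path.name[: -len(ext)]


def preserve_copies(root, dest, ext=LOCKED_EXT):
    """Copy every locked file under `root` into `dest`, keeping the relative layout.

    Returns a manifest (relative path, original name, size, sha256) so that the
    copies handed to a decryptor can be matched back to the untouched originals.
    """
    root, dest = Path(root), Path(dest)
    manifest = []
    for p in find_locked_files(root, ext):
        rel = p.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)  # copy2 keeps timestamps, useful for later triage
        digest = hashlib.sha256(p.read_bytes()).hexdigest()
        manifest.append({"path": str(rel), "original": original_name(p, ext),
                         "size": p.stat().st_size, "sha256": digest})
    return manifest


def demo():
    """Build a constructed victim tree, run the triage, and verify the copies match."""
    work = Path(tempfile.mkdtemp())
    victim, safe = work / "victim", work / "safe_copies"
    (victim / "docs").mkdir(parents=True)
    (victim / "docs" / "report.docx.fucked").write_bytes(b"\x00" * 16)  # constructed
    (victim / "photo.jpg.fucked").write_bytes(b"\xff" * 8)  # constructed
    (victim / "notes.txt").write_bytes(b"untouched")  # not encrypted, must be skipped
    manifest = preserve_copies(victim, safe)
    copies_ok = all((safe / m["path"]).read_bytes() == (victim / m["path"]).read_bytes()
                    for m in manifest)
    shutil.rmtree(work)
    return manifest, copies_ok
```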

Backups are always necessary for keeping digital media safe from file-locker Trojans, regardless of their lineage. Keep your backups on devices that aren't reachable over unsecured network shares, which are frequent targets for the file-locking Trojans of RaaS-based operations like the Globe Ransomware or the Scarab Ransomware. Detection rates across the AV industry for removing the IT.Books Ransomware safely stand at fifty percent and, hopefully, will rise in time as more samples and further analysis become available.

The IT.Books Ransomware gives a good look at how threats of its type circulate by tricking their victims, indulge in even more duplicity in their ransom notes, and combine cryptographic data attacks with emotive imagery to collect money. Paying the Bitcoins that the IT.Books Ransomware asks for is, however, no better than trusting another movie villain to honor his word, with predictably negative consequences.
