Threat Database Ransomware IT Ransomware

IT Ransomware

By GoldSparrow in Ransomware

IT Ransomware Image

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free.

Propagation and Encryption

Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common. As a result of an attack by the IT Ransomware, the majority of your data will be encrypted with a secure encryption algorithm. Every file that gets locked by the IT Ransomware will receive a new extension – '.IT.' This means that a file, which you initially named 'iron-sky.png,' will be renamed to 'iron-sky.png.IT' after the encryption process is completed. Nasty Trojans like the IT Ransomware are often propagated with the help of corrupted advertisements online, bogus software updates and downloads, and phishing emails containing macro-laced files and torrent trackers, fake social media profiles, etc.

The Ransom Note

After completing the encryption process successfully, the IT Ransomware will proceed with the attack by displaying a ransom note. The ransom message of the attacker is displayed in a new window that takes up the whole screen. The new window contains the attackers' ransom note alongside a large image of the clown Pennywise. It is clear that the attackers have been inspired by Stephen King's novel IT (hence the extension name), which features Pennywise the clown. The ransom message is fairly short. In it, the attackers state that the victim should contact them via email and provide an email address for this purpose – ‘'

It is not wise to contact cybercriminals. Even users who pay the fee demanded may be left empty-handed. Instead, consider investing in a legitimate, trustworthy anti-virus utility that will help you remove the IT Ransomware from your computer.

Related Posts


Most Viewed