Itrz Ransomware Will Encrypt Victim Systems


While examining new malicious file samples, we ran into a ransomware variant known as Itrz. This ransomware encrypts files and modifies their names by adding the ".itrz" extension. Additionally, Itrz generates a ransom note, typically found in a file named "_readme.txt".

Itrz alters file names in the following manner: it changes a file like "1.jpg" to "1.jpg.itrz", "2.png" to "2.png.itrz", and so forth. Itrz is linked to the Djvu ransomware family, and cybercriminals may distribute it in conjunction with data-stealing malware like RedLine or Vidar.

In the ransom note, the attackers claim that they have employed a robust encryption method to lock the victim's files, which include photos, databases, documents, and other crucial data. To restore normal access to the files, the victim is expected to pay for a decryption tool and a unique key, which will unlock the encrypted data.

The attackers do provide a free decryption trial by allowing the victim to send one of their encrypted files from their computer, which will be decrypted at no cost. However, they specify that this free decryption offer applies only to a single file, and it should not contain valuable information.

The ransom note states that the initial cost of the private key and decryption software is $980. It adds that a 50% discount, bringing the ransom down to $490, is available if the victim contacts the attackers within the first 3 days following infection. The note also claims that data recovery is impossible without payment.

To acquire the decryption software, the victim is instructed to reach out to the cybercriminals through the following email addresses: support@freshmail.top or datarestorehelp@airmail.cc.
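The indicators described above (the appended ".itrz" extension, the "_readme.txt" note and the two contact addresses) are enough to inventory an affected directory tree during incident response. The following is an added example, not code from the original article; the function names are hypothetical and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

ENC_EXT = ".itrz"            # extension Itrz appends (from the article)
NOTE_NAME = "_readme.txt"    # ransom note file name (from the article)
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")  # quoted in the note

def original_name(name):
    """'1.jpg.itrz' -> '1.jpg'; None when the name does not match the pattern."""
    matched = name.lower().endswith(ENC_EXT) and len(name) > len(ENC_EXT)
    return name[: -len(ENC_EXT)] if matched else None

def is_itrz_note(path):
    """A _readme.txt counts only if it quotes one of the contact addresses."""
    if path.name.lower() != NOTE_NAME:
        return False
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:  # unreadable file: do not count it as a note
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; list renamed files, note locations and the earliest renamed-file mtime."""
    encrypted, notes, mtimes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            orig = original_name(name)
            if orig is not None:
                encrypted.append((orig, str(path)))
                mtimes.append(path.stat().st_mtime)  # rough lower bound for the timeline
            elif is_itrz_note(path):
                notes.append(str(path))
    return {"encrypted": encrypted, "notes": notes, "earliest_mtime": min(mtimes, default=None)}

def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one unrelated readme."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "1.jpg.itrz").write_bytes(b"\x00" * 16)
    (root / "docs" / "2.png.itrz").write_bytes(b"\x00" * 16)
    (root / "_readme.txt").write_text("ATTENTION!\nsupport@freshmail.top\n")
    (root / "docs" / "_readme.txt").write_text("Project readme, unrelated.")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Matching the note on its content as well as its name keeps an unrelated "_readme.txt" out of the report.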

Itrz Ransom Note Provides Emails for Contact

The complete text of the Itrz ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-cGZhpvUKxk
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How is Ransomware Like Itrz Distributed?

Ransomware like Itrz can be distributed through various methods, including but not limited to:

  • Phishing Emails: One of the most common distribution methods is phishing emails. Cybercriminals send seemingly legitimate emails with malicious attachments or links. When the recipient interacts with these attachments or links, the ransomware gets downloaded and executed on their system.
  • Malicious Websites: Cybercriminals may set up websites that offer enticing downloads, such as cracked software or free applications. Users who visit these sites and download the offered content might unknowingly install ransomware on their computers.
  • Drive-By Downloads: In some cases, ransomware can be distributed through drive-by downloads. When a user visits a compromised or malicious website, the ransomware is automatically downloaded and executed on their system without their knowledge or consent.
  • Exploiting Vulnerabilities: Ransomware can exploit software vulnerabilities in operating systems or applications. If a user's system is not up to date with security patches, it can be susceptible to ransomware attacks.
  • Malvertising: Malicious advertising, or malvertising, involves the injection of malicious code into online advertisements. When users click on these ads, they may inadvertently download ransomware onto their devices.
  • Peer-to-Peer (P2P) File Sharing: Ransomware may be bundled with cracked or pirated software that users download from P2P file-sharing networks. This is a common way to infect users who seek to obtain software illegally.
  • Remote Desktop Protocol (RDP) Attacks: Attackers may exploit weak or default RDP credentials to gain access to a system, from which they can manually install ransomware or use automated tools to propagate it.
  • Malware Droppers: Some ransomware is delivered by malware droppers. These are separate pieces of malware that are initially installed on a system, and they, in turn, download and execute the ransomware.


October 23, 2023