Remove Ittzn virus + Decrypt locked data

Tips for Ittzn virus removal

Ittzn virus is notorious computer threat made by hackers for extorting money from users. It is file encrypting malware discovered by GrujaRS and belongs to CONTI ransomware family. This ransomware encrypts all users’ data by adding its own specific extension “.ITTZN” to the end of every filenames and makes completely unusable. Just after that, it creates ransom note R3ADM3.txt and dropped in every folder which contains encrypted files. The victims are asked for the payment for decrypting the files that are locked by the ransomware.

The instructions on how to contact Ittzn virus developers are provided under the ransom note. Inside it, there is usually an instruction saying about purchasing the decryption key. The note further states that the encryption of file is done by using AES encryption algorithm. To get the files, a unique key is required. The people behind the threat demand money in order to provide the decryption tool. They also offer free decryption service of some encrypted files. Remember that the size of file is not more than 1mb.

Text presented in the pop-up window:

All of your Files are currently encrypted by CONTI ransomware.

If you try to use any additional recovery software – the files might be damaged or lost.
To make sure that we REALLY CAN recover data – we offer you to decrypt samples.

You can contact us for further instructions through our website :


(you should download and install TOR browser first



contirecovery. info


Just in case, if you try to ignore us. We’ve downloaded your data and are ready to publish it on out news website if you do not respond.
So it will be better for both sides if you contact us ASAP.


Shall I pay money to the cyber-criminals?

It threatens users that if you don’t pay the money soon then you will lose your files permanently. However, users should know that paying money to hackers is not a good option. There is no any guarantee that after payment hackers will stop exploiting your system. Despite this, victims should know that there are several ways to remove Ittzn virus and restore all your encrypted data without paying any money. To do so, you need to use strong anti-malware removal tool that can remove this nasty file virus completely. Once malware gets removed, you can restore your files by using backup or any other data recovery tool.

Intrusion methods of Ittzn virus:

Basically, ransomware and other malware invade into your system by using several deceptive methods. Some of them are untrustworthy software download channels, Trojans, fake software updating tools, spam campaigns and fake updater. Trojans are malicious programs that are mainly designed to cause chain infection that means it download and install additional malware. Unofficial websites, third party downloader/installer, free file hosting sites and other are considered to be untrustworthy because they likely offer bundled content. Spam campaigns are used to send lots of junk files that contain malicious attachments to the recipients and hope that any one of them will open it. Once enabled, it downloads and installs malware. Lastly, fake software updaters exploit weakness in outdated program or simply install malicious content instead of promised updates.

How to avoid PC from ransomware infections?

Avoid opening emails and the attachments that look irrelevant or come from suspicious addresses. For any software download, use only official and trustworthy websites. Other channels that are mentioned in the above paragraph should not be used. Furthermore, you should update/ activate the installed software with tools and/or implemented functions that are provided (designed) by official software developers. It is not legal to activate licensed programs with various cracking tools. Always install reputable antivirus or anti-spyware programs. To remove Ittzn virus from computer, users are recommended to use strong anti-malware removal tool.

Threat summary

Name: Ittzn virus

File Extension: .ITTZN

Type: Ransomware, Cryptovirus

Short Description: The ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.

Symptoms: The Ittzn virus will encrypt your files by appending the .ITTZN extension to them, along with a unique identification number placing the new .ITTZN extension as a secondary.

Ransom Demanding Note: R3ADM3.txt

Distribution Method: Spam Emails, Email Attachments, torrent file downloads, malicious ads, free file hosting sites, corrupted websites, malicious links and so on.

Damage: All files as well as data are encrypted and cannot be accessed without paying money. They ask you to pay money in form of Bitcoin.

Removal and File Recovery: Use reliable anti-malware removal tool to remove Ittzn virus completely from the system. Once malware gets removed, you can recover your files using existing backup or other data recovery tool.

Do You Suspect Your Computer May Be Infected with ‘Ittzn virus’ & Other Threats? Scan Your Computer for Threats with SpyHunter

Spyhunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Ittzn virus as well as a one-on-one tech support service.

For more information, read SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. The scanner you download here is free version and is able to scan your system for possible threat’s presence. however, it requires a 48 hour period to remove detected threats without any charge. if you want not to wait for that period, you will have to purchase its licensed version.

(Data Recovery Solution)

The first recommendation is to recover your encrypted data with backup files you have created. In case there is no backup available, try to restore your encrypted data with data recovery tool suggested here.

Recommended methods for Ittzn virus removal and restore encrypted files

Ittzn virus is very harmful crypto-malware designed to encrypt all types of files including photos, audios, videos, documents and other files, and make them inaccessible. After encryption process, it spreads the ransom note in each folder of your computer that claims the decryption is possible only when you use its data recovery service. We recommended you to please avoid paying demanded ransom money to them.

In that case, you need to remove Ittzn virus and all the related components from PCs immediately and then perform data recovery process. Here, we are discussing about both malware removal and data recovery method that could help you to solve your problem. Ransomware removal method will help to find the location of this nasty crypto-malware in your computer and remove them completely while data recovery method will help you to get back your damaged or locked files in your machine. Let’s go for the solution.

Remove Ittzn virus using “Safe Mode with Networking”

  • Restart your PCs and press “F8” function key multiple times you see the “Advance Boot Options” window
  • Select “Safe Mode with Networking” in the list
  • Now, log in to account with Ittzn virus infection
  • Open your internet browser and download the legitimate anti-malware software. You can download “SpyHunter” anti-malware software that has the ability to delete all types of malware or spyware from machine.
  • Update the anti-malware software and starts the “Full Scan” operation to remove all programs related to Ittzn virus from machine.

Remove Ittzn virus using “Safe Mode with Command Prompt” and “System Restore”

  • Restart your computer and press “F8” function key multiple times until “Windows Advance Options” menu appears

  • Select “Safe Mode with Command Prompt” option in the list

  • Now, type “cd restore” command in command Prompt and hit “Enter” key to execute it

  • After that, type “rstrui.exe” command in command line and hit “Enter” key
  • Once “rstrui.exe” command executed, “System Restore” window will appear
  • Click on “Next” button

  • Choose one of available “Restore Points” and click on “Next”

  • In the confirmation dialog box, click on “Yes” to start “System Restore” process

  • After restoring your computer to previous date, download/install and scan your computer with powerful anti-malware software to eliminate any remaining malicious programs related of Ittzn virus. You can download the powerful antivirus software via “download link” below

Download Spyhunter Anti-Malware Tool

Restore files encrypted by Ittzn virus using “Windows Previous Versions” feature

To restore individual files encrypted by Ittzn virus, follow the steps below:

  • To restore a file, right-click on it and go to “Properties”
  • Select the “Previous Versions” tab
  • If the relevant files has a “Restore Point”, select it and click on “Restore” button

Note: This method is only effective if “System Restore” function was enabled on your Windows operating System. On other hand, some ransomware variants like Ittzn virus are known to remove “Shadow Volume Copies” of the files. So, we can say that this method may not work for data recovery.

Restore files locked by Ittzn virus using “Shadow Explorer”

To restore files, you can use “Shadow Explorer” application. This application allows you to browse the “Shadow Copies” created by Windows OS Shadow Copy Service. “Shadow Explorer” helps if you are unable of access the “Shadow Copies” by default especially in “Windows Home Editions”. Note that “Shadow Copies” can directly be accessed only in Business Ultimate and Enterprise versions.

“Shadow Explorer” provides Volume Shadow copy service and other features including retrieve all the variants of files and folders available, allow to access through shadow copies and show available current copies.

Important Note: This data recovery application is designed to decrypt or recover your files from Shadow copies which is created by “Windows Volume Shadow Copies Service”. But when we talk about Ittzn virus or other harmful ransomware variants, it usually deletes “Shadow volume copies” and any other backup files using malicious tricks. So if System has already been infected with this type of ransomware virus, then you can’t access “Shadow Copies” using this software. Anyway, you can use “Shadow Explorer” if you want and please check if it works.

How to download/install and use “Shadow Explorer” on Windows PCs?

  • Click on “Download” button below to download the “Shadow Explorer” application

Download Shadow Explorer

  • Double-click on “Installer file” or “Downloaded ZIP file” to install this software
  • Once installed, open “Shadow Explorer” as Administrator

  • Now, from the drop down list you can select from one of the available point-in-time Shadow copies

  • You can right-click on any file or folder and export it
  • After that, choose a folder where the files from “Shadow Copies” are saved to

  • In case if a file or folder in the destination folder already exists, “Shadow Explorer” asks for the confirmation before overwriting. Check the box “Do not show this dialog again”, if you don’t want to show this again.
  • There is a button in the settings (File, Settings) to reset this decision

Recovery of files encrypted by Ittzn virus or similar ransomware

If you are unable to recover your lost files by using “System Restore”, “Windows Previous versions features” and “Shadow Explorer”, then you can go for another data recovery solution. As said earlier in most of the cases, ransomware variants like Ittzn virus are capable of deleting “Shadow volume copies” created by Windows OS by default. In this case, you can use “Stellar Data Recovery Software”. This powerful data recovery software is designed to recover all files encrypted by Ittzn virus.

“Stellar Data Recovery Software” is user-friendly software for Windows and Mac OS X based devices that features include RAID and Virtual drive recovery and repairing all types of corrupted files. It works with both non-bootable and encrypted drives. In simple word, we can say that this powerful data recover software does great job.

This powerful recovery software takes less time to recover files locked by Ittzn virus and support all known files type and custom types can be added with advanced options menu. “Stellar Data Recovery Software” recovers emails, photos, audios, videos, documents and etc from any storage media devices like hard drives, SSD, DVD, USB drives, and others

On other hand, it recovers crucial data from missing or deleted partitions of hard drive volume in just few steps. It generates a preview of search results during scan so you get to see all the recoverable files before recovery. This preview result appears on screen in “Tree-View” and deleted list formats.

How to download/install and use “Stellar Data Recovery Software” on Windows PCs?

  • Click on “Download” button below to download “Stellar Data Recovery Software” in your computer

Download Stellar Data Recovery Software

  • Double-click on “Installer file” to install the application
  • Once installed, open “Stellar Data Recovery Software”
  • Select type of data you want to recover. Option: All Data, Office Documents, Folders, Emails, Audios and Videos. And then click on “Next”

  • Now, select he folder location, drive or volume you want to scan for data and click on “Scan”

  • Wait for the completion. Once done, select the files and click on “Recover” button to save your recover files

Related posts

Leave a Comment