Kozy.Jozy Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 10,292
Threat Level: 100 % (High)
Infected Computers: 277
First Seen: June 22, 2016
Last Seen: August 19, 2023
OS(es) Affected: Windows

The Kozy.Jozy Ransomware is a ransomware Trojan that uses strong encryption to encrypt the victim's files. Like most ransomware Trojans, the Kozy.Jozy Ransomware demands the payment of a ransom in exchange for the decryption key. Essentially, the Kozy.Jozy Ransomware holds the victim's files hostage. PC security analysts suspect that the Kozy.Jozy Ransomware is directed towards computer users in the Russian-speaking world because its ransom message is written in Russian. The Kozy.Jozy Ransomware adds a file extension consisting of a long string of random symbols to the files it has encrypted. Computer users affected by the Kozy.Jozy Ransomware are instructed to contact its operators at a Yahoo email address. Computer users should avoid paying the Kozy.Jozy Ransomware ransom, since there is no guarantee that the people responsible for the Kozy.Jozy Ransomware attack will keep their promise and provide the decryption key after the ransom is paid.

The not-so-Kozy Situation Created by the Kozy.Jozy Ransomware

The most probable distribution method associated with the Kozy.Jozy Ransomware is email spam. The Kozy.Jozy Ransomware may be delivered to the victims' computers through compromised email attachments or links embedded in these unsolicited email messages. As soon as the corrupted embedded file or link is opened, the Kozy.Jozy Ransomware enters the victim's computer and initiates its attack.

As soon as the Kozy.Jozy Ransomware enters the victim's computer, it creates its corrupted executable file on the victim's PC. The Kozy.Jozy Ransomware will then scan all the drives connected to the infected computer in search of files with certain file extensions. The Kozy.Jozy Ransomware searches for files with the following file extensions:

.cd, .ldf, .mdf, .max, .dbf, .epf, .1cd, .md, .pdf, .ppt, .xls, .doc, .arj, .tar, .7z, .rar, .zip, .tif, .jpg, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt, .ods, .odb, .odg.

The Kozy.Jozy Ransomware uses a strong encryption algorithm to encrypt all files with the file extensions above, changing their extensions to a long string of random characters. The Kozy.Jozy Ransomware will also delete all Shadow Copies on the affected computer by executing the following .bat command:

vssadmin.exe delete shadows /all /quiet

This prevents computer users from recovering their files using a Shadow Volume Explorer or a similar utility. The Kozy.Jozy Ransomware drops a file named 'w.jpg' on the affected computer's desktop. This file contains instructions on how to pay the Kozy.Jozy Ransomware's ransom, written entirely in Russian. The following is the ransom message that has been associated with the Kozy.Jozy Ransomware:

'ВАШИ ФАЙЛЪI ЗАШИФРОВАНЪI!
С использованием очень стойкого алгоритма RSA-2048. Попьiтки восстановить файльi самостоятельно приведут лишь к их безвозвратной порче. Если же они вам нужнъi то отправьте один из пострадавших файлов на ящик
the Kozy.Jozy@yahoo.com'

Below is a translation to English of the message above:

'YOUR FILES ARE ENCRYPTED!
with the usage of the very strong algorithm RSA-2048. Any attempt to restore the files by yourself will lead to their inevitable loss. If you want them then send one of the encrypted files to the e-mail
the Kozy.Jozy@yahoo.com'

The ransom associated with the Kozy.Jozy Ransomware is paid in Bitcoin, which may require computer users to connect to payment sites using TOR. PC security analysts strongly advise against paying the ransom.

How to Deal with Threats Like the Kozy.Jozy Ransomware

The best way to deal with threats like the Kozy.Jozy Ransomware is to take preventive measures. Malware analysts strongly advise computer users to back up all of their files regularly on an external memory device. Having backups of all important files makes computer users invulnerable to these attacks. If a computer user has a well-maintained backup, then they can simply recover from a Kozy.Jozy Ransomware attack by restoring their files from the backup. PC security analysts also advise computer users to keep a strong anti-virus program running at all times, since it will be able to intercept the Kozy.Jozy Ransomware and similar threats before they enter the targeted computer.
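
The Shadow Copy deletion command quoted above is also a useful detection point in process-creation logs. The following is an added example, not part of the original article: it flags that command regardless of casing, quoting or path. The record layout, host names and severity labels are assumptions made for the illustration.

```python
import re

# Constructed process-creation records (host, parent image, command line), in the
# shape a Sysmon Event ID 1 or Security 4688 export could be reduced to.
SAMPLE_EVENTS = [
    ("WS-01", "cmd.exe", r"vssadmin.exe delete shadows /all /quiet"),
    ("WS-02", "cmd.exe", r'"C:\Windows\System32\VSSADMIN.EXE"  Delete Shadows /Quiet /All'),
    ("WS-03", "powershell.exe", r"vssadmin list shadows"),
    ("WS-04", "cmd.exe", r'cmd.exe /c "vssadmin delete shadows /for=C: /oldest"'),
]

VSSADMIN_NAMES = {"vssadmin", "vssadmin.exe"}


def classify(command_line):
    """Return 'high', 'medium' or None for one command line.

    high   = delete shadows with both /all and /quiet (the command in the article)
    medium = any other vssadmin shadow-copy deletion
    """
    # Drop quotes, fold case and collapse whitespace so quoting, casing and
    # spacing differences do not hide the command.
    tokens = command_line.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        # Compare the file name only, so a full path to vssadmin still matches.
        if re.split(r"[\\/]", tok)[-1] not in VSSADMIN_NAMES:
            continue
        args = tokens[i + 1:]
        if "delete" in args and "shadows" in args:
            return "high" if {"/all", "/quiet"} <= set(args) else "medium"
    return None


def scan(events):
    """Return (host, parent, severity) for every event that deletes shadow copies."""
    hits = []
    for host, parent, command_line in events:
        severity = classify(command_line)
        if severity:
            hits.append((host, parent, severity))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The listing-only call on WS-03 is not flagged, so routine administrative use of vssadmin does not raise an alert.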