Threat Database Ransomware OzozaLocker Ransomware

OzozaLocker Ransomware

By GoldSparrow in Ransomware

The OzozaLocker Ransomware is a ransomware Trojan that is being used to extort computer users. The OzozaLocker Ransomware is nearly identical to a wide variety of other ransomware Trojans released in Fall of 2016. In fact, most ransomware Trojans released in the last months share large portions of their code, since con artists may recycle and misappropriate code to be able to keep releasing these threats. If the OzozaLocker Ransomware has infected your computer, PC security analysts strongly advise removing it and restoring the files that have been affected from backup copies. Fortunately, it seems that a working decryption utility for the OzozaLocker Ransomware has been released by PC security analysts.

A Brief Description of the OzozaLocker Ransomware Attack

Computer users have reported significant issues created by the OzozaLocker Ransomware. When this threat enters a computer, it makes the victim's files inaccessible, potentially resulting in the loss of valuable and irreplaceable data. The OzozaLocker Ransomware is designed to encrypt the victim's documents, targeting files on the victim's hard drives, shared drives and external memory devices. The OzozaLocker Ransomware encrypts these files using a strong encryption algorithm, making them inaccessible without the decryption key. The files that have been encrypted by the OzozaLocker Ransomware can be identified by their new extensions. The OzozaLocker Ransomware will add the extension '.locked' to the end of the encrypted files' names, clearly identifying the OzozaLocker Ransomware as a successor of numerous other ransomware Trojans that do the same thing during the attack.

How the Makers of the OzozaLocker Ransomware may Profit at the Expense of Computer Users

The OzozaLocker Ransomware delivers a message to the victim to ask for the payment of a ransom. The OzozaLocker Ransomware offers its assistance with the process 'helpfully,' claiming that it is providing a valuable service while neglecting to acknowledge the problem is caused by the OzozaLocker Ransomware. The OzozaLocker Ransomware ransom note demands that the victim contacts the email address, paying a ransom of 1 BitCoin (approximately $700 USD at the current exchange rate) to receive the decryption key necessary to access the encrypted files. PC security analysts strongly advise computer users to avoid paying this large amount. There are several reasons why this is not advised:

  1. Paying the OzozaLocker Ransomware's ransom allows these people to continue creating these threats.
  2. There is no guarantee that the people responsible for the OzozaLocker Ransomware will keep their promise. Research has shown that many of these con artists will simply ask the victim to pay more money or ignore the victim altogether.
  3. Paying the OzozaLocker Ransomware ransom does not guarantee that the decryption key received will work, or that the victim's files will not be re-encrypted subsequently.

The OzozaLocker Ransomware delivers its ransom note in the form of a text file, which is dropped on the victim's computer. It will appear on the victim's desktop and be named 'HOW TO DECRYPT YOUR FILES.txt.' It is easy to identify the OzozaLocker Ransomware infection. The combination of its ransom note, the use of the email address mentioned above, and the '.locked' extension are enough to identify this threat and differentiate it from other ransomware variants.

Recovering from an OzozaLocker Ransomware Attack

Fortunately, PC security analysts have received news that a working decryption utility for the OzozaLocker Ransomware has already been released. This means that computer users can recover their files if they do not have backups in place. Make sure that a reliable security program that is fully up-to-date is used to remove the OzozaLocker Ransomware infection entirely. Once the OzozaLocker Ransomware is removed, the decryption utility can be used to recover all the affected files. Computer users also can wipe the affected drive clean and restore their files from a backup location, which may be the best measure if the encrypted material is very important (as would be the case of a Web server, for example).


Most Viewed