WIZOZ Ransomware

A new threat named WIZOZ Ransomware has been spotted in the wild by infosec researchers. Systems infected by the threat WIZOZ Ransomware, which is a VoidCrypt variant, will have their data encrypted and thus rendered inaccessible and unusable. The cybercriminals behind the threat will then extort their victims for money in exchange for potentially restoring the locked data. When the WIZOZ Ransomware encrypts a file, it will modify that file's name drastically. The new file names consist of the original name, followed by an email address, an ID string specific for the particular victim, and a new file extension. The email address used by the threat is 'whizoze@gmail.com,' while the file extension is '.WIZOZ.' A ransom note with instructions will be created as a text file named 'Decrypt-info.txt.'

WIZOZ Ransomware's Demands

The ransom note states that payment to the hackers must be made using the Bitcoin cryptocurrency. However, before that, victims must locate a file named 'prvkey*.txt.key' on their systems. Usually, the WIZOZ ransomware creates that file in the C:\ProgramData\ folder. The file must then be sent to the hackers via an email message to the two provided email addresses - 'whizoze@gmail.com' and 'whizoze@tutanota.com.' Victims also can attach a single encrypted file that the hackers promise to unlock and send back. 

The full text of the note generated by WIZOZ Ransomware is:

'All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back

1-Go to C:\ProgramData\ or in Your other Drives   and send us prvkey*.txt.key  file ,  *  might be a number (like this : prvkey3.txt.key)

2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data

3-Payment should be with Bitcoin

4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss

Our Email:whizoze@gmail.com

in Case of no Answer:whizoze@tutanota.com'