OzozaLocker Ransomware Removal Guide

What is OzozaLocker Ransomware?

Our malware analysts say that OzozaLocker Ransomware is an application that has been created to encrypt files and, thus, it is extremely dangerous. You must remove it from your PC, but if it already has infected it, then rest assured that your files have been encrypted. We have received reports suggesting that a free decryption tool should be out soon, so we urge you to refrain from paying the ransom and deleting this ransomware. You should not trust the cyber criminals to give you their decryptor once you have paid because they are only interested in your money. In this article, we are going to overview how this application is distributed, how it works, and, most importantly, how you can get rid of it.

Our malware researchers have acquired a sample of this ransomware and infected one of their test computers. Once on the computer, this ransomware began scanning it for encryptable files. Research has shown that it encrypts nearly all file formats except files that have the .exe, .log, and .dll file extensions. Furthermore, it also encrypts files that do not have extensions. Still, this does not mean that this ransomware is an irrelevant threat. It uses the AES encryption algorithm to encrypt the files. It creates a unique decryption key for each victim and uploads it to the Command and Control (C2) server, so the decryption key is not stored locally on the PC.

While encrypting the files, OzozaLocker Ransomware appends them with the “.locked” so a file named file.xml will be renamed file.xml.locked. The extension does not do anything, but removing this extension will not decrypt the files. The extension serves as an indication that a file was encrypted. Once the encryption is complete, this ransomware drops only one copy of the ransom note on the desktop. The file is named HOW TO DECRYPT YOU FILES.txt. This note features text that reads “If you want to decrypt, please, send 1 bitcoin to address 1J6X2LzDrLyR9EoEDVJzogwW5esq5DyHRB and write me to e-mail: Santa_helper@protonmail.com.” So its developer wants you to pay 1 BTC which is currently an approximate 731.58 USD. Without a doubt, 731.58 USD is a significant amount of money that you might just throw away when paying the ransom because there is no guarantee that the developer will send you the decryption key.OzozaLocker Ransomware Removal GuideOzozaLocker Ransomware screenshot
Scroll down for full removal instructions

Now that we know how OzozaLocker Ransomware works let us move on to its distribution methods. Our security specialists say that it should be disseminated through email spam. They say that its developer has set up a server dedicated to sending email spam to random Internet users. The emails are made to look convincing and offer you to open the attached file that allegedly contains important information. However, the attached file contains a dropper file, usually a Trojan that secretly downloads this ransomware’s main executable on the PC. However, this ransomware’s distribution may not be limited to email spam as it can also be featured on infected websites or sites that distribute pirated content.

This is all of the information we currently have about OzozaLocker Ransomware. It is no different from hundreds of other ransomware-type malware as it was designed to encrypt files using the AES encryption algorithm. It then offers to purchase the decryptor from its developer, but you might not receive it. Therefore, we recommend that you wait till a free decryption tool is on offer. In the meantime, you should remove this ransomware, and we suggest using our guide. It involves using SpyHunter’s free scanner to detect the executable because it is named randomly and can be placed anywhere on your PC.

Removal Guide

  1. Visit http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe and run it.
  3. Install the program.
  4. Launch it and select Scan Computer Now!
  5. Then, simultaneously hold down Windows+E keys.
  6. Enter the file path of the malicious file in the File Explorer’s address box and press Enter.
  7. Right-click the malicious file and click Delete.

In non-techie terms:

OzozaLocker Ransomware is a highly malicious program. Its sole purpose is to encrypt your files and demand that you pay a ransom to decrypt them. It can enter your PC by stealth end encrypt your files using the AES encryption algorithm. You should not trust its developer to give you the decryptor once you have paid, so we recommend that you remove it using our guide and wait for a free decryption tool to be developed.