Get the 411 on Spyware
OzozaLocker Ransomware Removal Guide
We have recently discovered and tested an application called OzozaLocker Ransomware. It is an extremely malicious program because it was designed to encrypt your personal files and then demand that you pay a hefty ransom for the decryption program/key. However, you should not comply with this demand and remove this ransomware because you might not get the promised decryptor. In this article, we will overview how this ransomware is distributed, how it works, and how you can get rid of it. So if your PC has been infected with it, we invite you to read more about it.
Since this ransomware has just been discovered, its full list of distribution methods is unknown. Nevertheless, we assume that, like many low-grade ransomware, OzozaLocker Ransomware should also be distributed via malicious emails. In such cases, malware developers set up a server dedicated to sending spam mail to potential victim. The emails pose as legitimate receipts, tax return forms, and so on. Regardless of how the emails are presented (particular cases regarding this ransomware are yet to be found) they contain attached files that run a malicious script when opened and download OzozaLocker Ransomware. The attached file could pose as a PDF file while being a Trojan executable or might be a malicious Microsoft Word file that requests that you enable macros and then exploit the vulnerabilities of macros and download the ransomware. Of course, this particular ransomware can be distributed in a totally different way, but whatever the case may be, it will undoubtedly enter your PC by stealth unless you have a powerful antimalware application that could stop the infection from occurring.
Once on your computer, OzozaLocker Ransomware will run automatically and scan your computer for encryptable files. Our research has revealed that this ransomware can encrypt almost all file formats you can think of. However, it will skip .exe, .log, and .dll files. Oddly enough, this ransomware also encrypts its own ransom note named HOW TO DECRYPT YOU FILES.txt. It appends the encrypted files with the “.locked” extension. Furthermore, it uses the AES (Advanced Encryption Standard) encryption algorithm to encrypt your files.
Once the encryption is complete, it will drop its ransom note named HOW TO DECRYPT YOU FILES.txt on the desktop only. The ransom note states “If you want to decrypt, please, send 1 bitcoin to address 1J6X2LzDrLyR9EoEDVJzogwW5esq5DyHRB and write me to e-mail: Santa_helper@protonmail.com.” As you can see, the criminals behind this application want you to pay 1 BTC which is an approximate 737.41 USD and a considerable sum of money. We do not recommend that you pay the ransom because the criminals might not hold their end of the bargain and give you the promised key. We recommend searching for a free decryption tool after you have deleted this malicious program.
As you can see, OzozaLocker Ransomware is one dangerous application that can cause you some serious problems if it manages to get on your computer. However, if it already has, then you should move in and remove it immediately, but it might be too late to do anything about your files. Again, we do not recommend paying the ransom because you might not get the decrypter. Therefore, we suggest searching for a free decryption tool. And, since this ransomware’s executable can be dropped anywhere on your PC, we recommend SpyHunter’s free scanner to detect it for you and then you can remove the malicious files manually.
How to detect and delete OzozaLocker Ransomware
- Go to http://www.411-spyware.com/download-sph
- Download SpyHunter-Installer.exe and install it.
- Launch it and select Scan Computer Now!
- The, simultaneously hold down Win+E keys.
- Enter the file path of the malicious files in the File Explorer’s address box and press Enter.
- Right-click the malicious files and click Delete.
- Empty the Recycle Bin.
