
Kozy.Jozy Ransomware

Posted: June 22, 2016

Threat Metric

Ranking: 10,035
Threat Level: 10/10
Infected PCs: 656
First Seen: June 22, 2016
Last Seen: September 28, 2023
OS(es) Affected: Windows

The Kozy.Jozy Ransomware is a Trojan that blocks the content of your PC by encrypting it. Ordinarily, con artists ask for money in return for reversing the effects of such attacks but can provide no hard guarantee of following through on their word. Taking that risk into account, malware analysts always encourage other solutions, such as keeping a non-local backup and using your anti-malware tools for removing the Kozy.Jozy Ransomware infections.

A Ransom Delivered Straight to Your Desktop

Even seemingly inconsequential variations in threats can be symptomatic of productive forces at work, such as the presence of dedicated black market rentals or internal update branches. The Kozy.Jozy Ransomware is just one specimen exhibiting such seemingly minor differences between different installations. However, the broad strokes of its payload always keep to a dependable pattern of using encryption against the PC user's data, presumably so that its administrators can collect a ransom afterward.

The essential functions of the Kozy.Jozy Ransomware's payload are as follows:

  • The Kozy.Jozy Ransomware scans for specific types of data, including compressed archives (such as ZIP), Microsoft Office content, images, and CD-based media. The Kozy.Jozy Ransomware sends all such information through an encryption routine.
  • The name of each file noted above is given a new extension, including a string of non-random alphanumeric characters (such as .31342E30362E32303136_(0-20)_KTR1).
  • The threat also deletes Windows-based local backups by abusing a hidden CMD command.
  • Lastly, the Kozy.Jozy Ransomware changes your desktop image to its ransom note. Current messages are JPG images displaying Russian text redirecting their victims to e-mail communication channels, most likely for ransoming purposes.

Although malware experts have seen previous threats adhering to file-renaming formats similar to the one used by the Kozy.Jozy Ransomware, past attacks invariably inserted e-mail addresses directly into the names. The Kozy.Jozy Ransomware's lack of such an address could indicate a branch in a Trojan development kit, or that a brand new toolkit is in distribution.
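The renaming pattern described above lends itself to a quick triage pass over a file listing, so that an analyst can inventory affected files and their original names without attempting any decryption. This is an added Python example, not code from the page or from the Trojan's operators; it assumes that the "(0-20)" in the page's sample extension stands for a decimal counter in parentheses, and the sample listing is constructed.

```python
import re
from typing import Dict, Iterable, List, Optional

# Extension shape described on the page: <name>.<hex string>_(<n>)_KTR1
# ASSUMPTION: the "(0-20)" in the page's example is a decimal counter in parentheses.
KOZY_JOZY_EXT = re.compile(
    r"^(?P<original>.+)\.(?P<hexpart>[0-9A-Fa-f]{2,})_\((?P<counter>\d+)\)_KTR1$"
)


def decode_hex_marker(hexpart: str) -> Optional[str]:
    """Decode the hex marker to ASCII for the analyst's notes; None if not printable ASCII."""
    try:
        text = bytes.fromhex(hexpart).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def parse_renamed_file(name: str) -> Optional[Dict[str, object]]:
    """Return a triage record for a file name matching the pattern, else None."""
    m = KOZY_JOZY_EXT.match(name)
    if not m:
        return None
    return {
        "renamed": name,
        "original": m.group("original"),
        "counter": int(m.group("counter")),
        "marker": m.group("hexpart"),
        "marker_ascii": decode_hex_marker(m.group("hexpart")),
    }


def triage(names: Iterable[str]) -> List[Dict[str, object]]:
    """Keep only the entries whose names match the renaming pattern."""
    return [rec for rec in (parse_renamed_file(n) for n in names) if rec]


# Constructed sample directory listing, not real victim data.
SAMPLE_LISTING = [
    "Q2_invoices.xlsx.31342E30362E32303136_(3)_KTR1",
    "holiday.jpg.31342E30362E32303136_(0)_KTR1",
    "archive.zip.31342E30362E32303136_(20)_KTR1",
    "readme.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LISTING):
        print(f"{rec['original']}  counter={rec['counter']}  marker={rec['marker_ascii']}")
```

Feed `triage()` the names from an `os.walk()` over a mounted victim volume to get the same records for a real inventory; the hex marker from the page's sample happens to decode to printable ASCII, which the record exposes for the analyst to inspect.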

Wiping a Potential Ransom Off Your Screen

Many file encryptors threaten to use more robust encryption algorithms than their developers bother to implement. Regrettably, the Kozy.Jozy Ransomware holds faithful to its claims of using asymmetric RSA-2048, making the potential for free decryption extremely limited. For the immediate future, malware analysts still advise using backups kept on non-local devices, such as USB-based peripherals, which can replace the Kozy.Jozy Ransomware's encrypted content without needing to decrypt it.

Distribution models of threats derived from third-party development kits may vary substantially between different administrators. However, e-mail spam is, overall, the preferred means of distributing threats like the Kozy.Jozy Ransomware, particularly to the business systems most vulnerable to losing valuable data. Expect such messages to take disguised formats with their contents associated with local industry work, or general notifications, such as invoices for failed deliveries.

This threat does not distribute itself, and may require assistance from a second threat, such as a Trojan dropper or a document-embedded exploit, to achieve system persistence. Use your anti-malware products as usual for identifying and deleting a Kozy.Jozy Ransomware infection. However, the Kozy.Jozy Ransomware may see variations and updates coming into the future, and malware experts also must stress that
