
OzozaLocker Ransomware

Posted: November 24, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 97
First Seen: November 24, 2016
OS(es) Affected: Windows

The OzozaLocker Ransomware is a Trojan that encrypts files of specified formats in various locations of your hard drive, such as your Downloads folder. While its author asks for Bitcoin payments in return for his decryption help, malware experts recommend turning to free decryption software or other solutions, such as restoring from a backup. Until you uninstall the OzozaLocker Ransomware through anti-malware tools that can confirm its full deletion, this threat represents a direct hazard to all locally saved data.

Trojans Taking from the Nice to Give to the Naughty

Just as the changing of seasons causes shifts in consumers' purchasing habits, threat authors, too, update their campaigns or make new ones to take advantage of the upcoming holidays or seasonal trends. For instance, the OzozaLocker Ransomware is a new Trojan with no known relatives that malware experts find using free e-mail addresses themed after the Christmas holiday. Unlucky PC users could be opening a 'gift' this Christmas that not only blocks their files but demands ransom payments to give them back to their owners.

The OzozaLocker Ransomware uses file-encrypting attacks with configurable directories and extension types to lock your media. Currently, malware experts find that the OzozaLocker Ransomware avoids encoding program executable (EXE) or DLL files, which makes it most dangerous to other content, such as documents, sound clips, databases or pictures. Note that the OzozaLocker Ransomware may also append the same '.locked' extension seen in other campaigns to your files.
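A triage sketch for the behavior described above, added here as an example (it is not code from the original article or from any vendor tool): it inventories files carrying the '.locked' suffix, groups them by folder and by the extension underneath, and flags locked EXE or DLL files, which would not match the description. The function names and the sample tree are constructed for illustration, and because other campaigns use the same extension, a match is not proof that this specific Trojan is responsible.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".locked"         # extension named in the write-up
SKIPPED_TYPES = {".exe", ".dll"}  # types the write-up says are left alone


def triage(root):
    """Summarise files under `root` that carry the '.locked' suffix."""
    by_dir, by_type, unexpected = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() != LOCKED_SUFFIX:
                continue
            # Extension underneath the suffix, e.g. report.docx.locked -> .docx
            original = Path(path.stem).suffix.lower() or "(none)"
            by_dir[str(path.parent.relative_to(root))] += 1
            by_type[original] += 1
            if original in SKIPPED_TYPES:
                # Does not match the described behavior: review separately.
                unexpected.append(path.name)
    return {"total": sum(by_type.values()), "by_dir": dict(by_dir),
            "by_type": dict(by_type), "unexpected": sorted(unexpected)}


def build_sample_tree(base):
    """Create a constructed (fake) directory tree of empty files."""
    names = ["Downloads/report.docx.locked", "Downloads/photo.JPG.locked",
             "Downloads/setup.exe", "Downloads/notes.txt",
             "Documents/ledger.sqlite.locked", "Documents/helper.dll.locked"]
    for rel in names:
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, value in triage(tmp).items():
            print(f"{key}: {value}")
```

Run against a read-only mount or a copy of the affected volume so the inventory itself does not alter timestamps on the evidence.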

Locking your files behind its encryption algorithm is only the first half of the OzozaLocker Ransomware's payload; the other half generates configurable ransom notes through Visual Basic's MsgBox function. These notes contain instructions on paying for data recovery and communicating with the con artist via his Santa_helper@protonmail.com e-mail address.

Fees so far are being set at one Bitcoin (over seven hundred USD). Because Bitcoin payments cannot be retracted, you have no recourse if the con artist takes your money without giving anything back. Interestingly, malware experts see significant transaction activity from the con artist's Bitcoin wallet, although that activity does not necessarily correspond to collected payments.

Turning Christmas Fear into Christmas Cheer for Your PC

The OzozaLocker Ransomware is most likely a project administered by threat actors in Russia or nearby regions, but its ransom messages explicitly target English speakers. Malware experts recommend covering common infection vectors for threats of this type, including in-browser scripts, spam e-mails, and weak passwords on all PCs with internet connectivity. Current industry-wide detection rates are low, and your anti-malware tools may need to be equipped with the latest patches to spot the OzozaLocker Ransomware before it installs itself.

Since the OzozaLocker Ransomware is an independent threat, decryption programs intended for other Trojan families can't recover your data. The development of new decryptors, while prioritized by some cyber security institutions, is never a certainty. Anyone in need of protecting their data should consider backing it up to give themselves ways of restoring content in the event of a file-encrypting attack. Always remove the OzozaLocker Ransomware beforehand with your anti-malware products to halt the progression of file loss.

Con artists, too, often give out 'season's greetings' to others, but those greetings most often are Trojans like the OzozaLocker Ransomware, signaling that not everyone is interested in peace on earth (or cyberspace).
