Decrypt Files Encrypted by OzozaLocker and Remove It - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by OzozaLocker and Remove It

ozoza-locker-ransom-noteA ransomware virus was discovered in late November 2016, going by the name OzozaLocker. The virus’s payload is an executable, called CryptoSolution.exe and it uses a maliciously configured script to encrypt files using the AES encryption algorithm. After encrypting the files on the compromised computer, OzozaLocker asks victims to pay the sum of 1 BTC to restore their files. Fortunately, you do not have to pay this insane ransom, because EmsiSoft researcher Fabian Wosar @fwosar has created a decryptor that can restore your files for free. Keep reading this article to learn how to Remove OzozaLocker properly and decrypt your files without paying a dime to cyber-crooks.

OzozaLocker – Brief Analysis

OzozaLocker is a relatively new ransomware variant that is believed to slither onto victims’ computers via spammed e-mail messages that contain the malicious executable of the virus in an archive. The file may be concealed to resemble a .pdf or Microsoft Office document as well as other legitimate files, but once it’s opened the virus immediately begins to modify the computer.

The first thing OzozaLocker performs is to heavily modify the Windows Registry editor by adding the malicious executable in the Run and RunOnce registry keys so It can encrypt files on Windows startup.

After having done this, the OzozaLocker virus begins encrypting files using the AES (Advanced Encryption Standard). After it enciphers the files on the encrypted computer, the malware adds it’s distinctive locked extension, making the files look like the following:


The OzozaLocker virus then drops a “HOW TO DECRYPT YOUR FILES.txt” file to notify the user. The file has the following contents:

→ “Files has been encrypted.
If you want to decrypt, please, send 1 bitcoin to address 136X2LzDrLyR9EiEDV3zogwW5esq5DyHRB and write me to e-mail:
[email protected]
Your key: {custom key}”

The good news is that there has been a decryptor released specifically to help users with the free restoration of their files. Follow the instructions below to learn how to download and use it after removing OzozaLocker from your computer.

OzozaLocker Removal Manual

Before beginning any type of decryption operation, we urge you to follow either the manual or the automatic instructions below. In case you lack the experience in interfering with registry objects and concealed files, please be advised that recommendations are to download and install an advanced anti-malware program which should be able to take care of your malware problem for you.

Manually delete OzozaLocker from your computer

Note! Substantial notification about the OzozaLocker threat: Manual removal of OzozaLocker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove OzozaLocker files and objects
2.Find malicious files created by OzozaLocker on your PC

Automatically remove OzozaLocker by downloading an advanced anti-malware program

1. Remove OzozaLocker with SpyHunter Anti-Malware Tool and back up your data

OzozaLocker Decryption Steps

To decrypt files encrypted by OzozaLocker, there are certain requirements needed. The first one of them is to have a copy of an original file as well as the same file in an encrypted variant by OzozaLocker:


In case you cannot find an original file, do not worry, you can look for the default wallpaper images from another Windows machine with the same OS version. The wallpapers are the same for every computer and they are located usually in the following directories:

→ C:\Windows\Web\Wallpaper
C:\Users\UserProfile\Sample Pictures

After having done this, we advise you to download the Emsisoft decrypter for OzozaLocker by clicking on the button below:

Then follow the below-mentioned steps:

Step 1: Drag and drop the encrypted and original file onto the decrypter, just like the animated gif below displays:


Step 2: The decrypter should launch a bruteforcing sequence:



Step 3: After this sequence is finished and a decryption key has been discovered, make sure to click on the Add Files button from the main interface of the decrypter as shown below:


Step 4: After having added the files you need, click on the Decrypt button to begin decrypting data.


If your data has been decrypted, you shall see it in the information feed of the decryptor, like the example below displays:


OzozaLocker Virus – Conclusion and Protection Tips

The bottom line for OzozaLocker is that the virus is nothing sophisticated and it’s AES encryption is breakable, as researchers have proven. But be on constant alert, because ransomware infections are having a “boom” and will likely increase even more in the near future. This is why we have prepared special protection tips that should help you guard yourself from file-encrypting malware in the future:

Tip 1: Make sure to read our general protection tips and try to make them your habit and educate others to do so as well.
Tip 2: Install an advanced anti-malware program that has an often updated real-time shield definitions and ransomware protection.
Tip 3: Seek out and download specific anti-ransomware software which is reliable.
Tip 4: Backup your files using one of the methods in this article.
Tip 5: : Make sure to use a secure web browser while surfing the world wide web.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.