Remove Kozy.Jozy Ransomware and Get Back Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Kozy.Jozy Ransomware and Get Back Encrypted Files

Kozy.Jozy is a ransomware virus that uses strong RSA encryption to encrypt the files on the computers it infects. The Kozy.Jozy virus is believed to be designed for Russian-speaking users because its entire ransom message, which it sets as a background, is written in Russian. In addition, Kozy.Jozy adds a very long file extension ending in random symbols, such as LSBJ1, ZHM1 or other similar ones. All users who have been infected with Kozy.Jozy Ransomware are strongly advised not to contact the e-mail [email protected] and not to pay any ransom money to the cyber-crooks. Instead, it is advisable to try alternative methods for restoring files and to remove the ransomware with advanced anti-malware software; instructions for both can be found in this article.

Threat Summary

Name: Kozy.Jozy
Type: Ransomware
Short Description: The ransomware encrypts files with the RSA-2048 cipher and asks a ransom for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom is shown as a w.jpg image, which is set as a background.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

User Experience: Join our forum to discuss Kozy.Jozy Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Kozy.Jozy Ransomware – Spread

To infect users successfully, the Kozy.Jozy Ransomware virus is believed to use different types of spam techniques to spread malicious URLs and malicious files:

  • Referral spam.
  • E-mail spam.
  • Social media spam from compromised accounts.

The malicious files may be disguised as legitimate program installers or as Microsoft Office or Adobe documents. They may also be linked from clean URLs which, when opened, may redirect to malicious ones that can cause the infection via a drive-by download, malicious JavaScript, an exploit kit, etc.

Kozy.Jozy Ransomware – More Information

The ransomware known as Kozy.Jozy creates a malicious executable with a custom name on the compromised computer, in one of the following folders:

commonly used file names and folders

After this, Kozy.Jozy begins scanning for user files to encode. It is reported by malware researchers on Bleeping Computer security forums to scan for files of the following types:

→ .cd, .ldf, .mdf, .max, .dbf, .epf, .1cd, .md, .pdf, .ppt, .xls, .doc, .arj, .tar, .7z, .rar, .zip, .tif, .jpg, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt, .ods, .odb, .odg.

In addition, Kozy.Jozy deletes the shadow copies on the infected computer by executing the following command line from a .bat file in administrative mode:

→ vssadmin.exe delete shadows /all /quiet
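
One way to look for this command in process-creation telemetry, as an added example that is not part of the original article. The event fields (host, parent, cmdline) and the sample events are constructed for illustration; map them to whatever your logging source records for the command line and parent process.

```python
import re

# vssadmin, optionally with a path, quotes and ".exe", followed by
# "delete shadows"; case and extra whitespace are tolerated.
VSS_DELETE = re.compile(
    r'(?:^|[\\/"\s])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b(.*)',
    re.IGNORECASE)

def check_event(event):
    """Return a finding dict for a shadow-copy deletion, else None."""
    m = VSS_DELETE.search(event["cmdline"])
    if not m:
        return None
    flags = {f.lower() for f in re.findall(r"/[A-Za-z]+", m.group(1))}
    return {
        "host": event["host"],
        "all_copies": "/all" in flags,    # every shadow copy is removed
        "silent": "/quiet" in flags,      # no confirmation prompt shown
        # a .bat file, as described in the article, runs under cmd.exe
        "from_cmd": event.get("parent", "").lower().endswith("cmd.exe"),
    }

def scan(events):
    """Return findings for all events that delete shadow copies."""
    return [f for f in map(check_event, events) if f]

# Constructed sample events (hypothetical hosts and field names).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-02", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /All /Quiet'},
    {"host": "SRV-01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "SRV-02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin delete shadows /for=C: /oldest"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A finding with both all_copies and silent set matches the exact command quoted above and deserves the highest priority; the listing command on SRV-01 is ignored.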

When viewed in a hex editor, the encrypted files contain the encrypted data in segments. The segments are split into parts of 245 bits, and the encrypted files have a very long file extension added to them. The end of the extension may differ:

  • .31392E30362E32303136_{numbers from 0 to 20}_LSBJ1
  • .31392E30362E32303136_{numbers from 0 to 20}_ZHM1
  • .31342E30362E32303136_{numbers from 0 to 20}_KTR1

Source: Affected Users
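
The hex prefix in the three patterns above decodes as ASCII to 19.06.2016 and 14.06.2016. The following added example (not part of the original article) parses the appended extension, decodes that prefix and counts affected files per variant so the damage can be scoped. It assumes "{numbers from 0 to 20}" means a single integer in that range and that the trailing tag consists of uppercase letters and digits; the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# ".<hex pairs>_<index>_<tag>" at the end of the file name.
KOZY_EXT = re.compile(r"\.((?:[0-9A-Fa-f]{2})+)_(\d{1,2})_([A-Z0-9]+)$")

def parse_kozy_extension(path):
    """Return (original_name, decoded_prefix, index, tag), or None."""
    name = PureWindowsPath(path).name
    m = KOZY_EXT.search(name)
    if not m or int(m.group(2)) > 20:   # article gives a range of 0 to 20
        return None
    try:
        decoded = bytes.fromhex(m.group(1)).decode("ascii")
    except UnicodeDecodeError:
        decoded = None                  # hex prefix is not ASCII text
    return name[:m.start()], decoded, int(m.group(2)), m.group(3)

def summarize(paths):
    """Count matching files per (decoded prefix, tag)."""
    counts = Counter()
    for p in paths:
        parsed = parse_kozy_extension(p)
        if parsed:
            counts[(parsed[1], parsed[3])] += 1
    return dict(counts)

# Constructed sample listing; user and file names are made up.
SAMPLE = [
    r"C:\Users\anna\Documents\report.docx.31392E30362E32303136_7_LSBJ1",
    r"C:\Users\anna\Documents\budget.xlsx.31392E30362E32303136_0_ZHM1",
    r"C:\Users\anna\Pictures\scan.jpg.31342E30362E32303136_20_KTR1",
    r"C:\Users\anna\Documents\notes.txt",
    # index 21 is outside the range the article reports
    r"C:\Users\anna\Documents\odd.pdf.31392E30362E32303136_21_LSBJ1",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(parse_kozy_extension(path))
    print(summarize(SAMPLE))
```

The first element of each result is the file's original name, which helps when matching encrypted files against backups.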

The ransomware also drops a file, named w.jpg on the %Desktop% of the user’s computer. The file contains the ransom instructions, written in Russian:

→ “ВАШИ ФАЙЛЪI ЗАШИФРОВАНЪI!
С использованием очень стойкого алгоритма RSA-2048. Попьiтки восстановить файльi самостоятельно приведут лишь к их безвозвратной порче. Если же они вам нужнъi то отправьте один из пострадавших файлов на ящик
[email protected]
English Translation:
YOUR FILES ARE ENCRYPTED!
with the usage of the very strong algorithm RSA-2048. Any attempt to restore the files by yourself will lead to their inevitable loss. If you want them then send one of the encrypted files to the e-mail
[email protected]

Even though the files may be encrypted, and the cyber-criminals may demand a ransom payoff in BitCoins and threaten file loss if you try to decrypt the files yourself, we advise you NOT to pay the ransom.

Remove Kozy.Jozy Ransomware and Restore the Files

To fully erase this ransomware without damaging the files, we advise you first to copy them to a safe device. Then, it is recommended to follow the removal instructions below. In case you are experiencing difficulties in locating the files and registry objects made by Kozy.Jozy, experts suggest using an advanced anti-malware program, which should ensure maximum effectiveness in removal.

To try and restore your files, we have prepared methods in step “3. Restore files encrypted by Kozy.Jozy” below. They are not 100% effective, but if you are lucky, you may restore at least a small portion of your data.

Manually delete Kozy.Jozy from your computer

Note! Substantial notification about the Kozy.Jozy threat: Manual removal of Kozy.Jozy requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Kozy.Jozy files and objects
2. Find malicious files created by Kozy.Jozy on your PC
3. Fix registry entries created by Kozy.Jozy on your PC

Automatically remove Kozy.Jozy by downloading an advanced anti-malware program

1. Remove Kozy.Jozy with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Kozy.Jozy in the future
3. Restore files encrypted by Kozy.Jozy
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
