Kozy.Jozy Ransomware

Kozy.Jozy Ransomware is a malicious program created by Russian cyber criminals, but it does not mean that it could be distributed only among users from Russia. Because it is spread by Spam email, the malware’s infected file could be sent to users from various countries. The best way to protect your system from the ransomware is to use a trustworthy antimalware tool and avoid suspicious email attachments. If your computer is already infected with Kozy.Jozy Ransomware, the instructions below will show you how to get rid of it. Before you slide below, you must keep it in mind that removing the malware will not unlock encrypted data. However, paying the ransom is not a good idea either because cyber criminals not always keep their promises.

The infection’s creators may promise to restore your data back to the way it was before, but there is no way you could trust them. There have been a lot of situations when users transferred demanded ransom but did not receive the decryption key. Naturally, if this happens, there is no way that you could get your money back. Probably, you would never hear again from the cyber criminals. Thus, this option is extremely risky, and users should take their time to consider it carefully.

The ransomware can encrypt various personal files, including photos, videos, music files, images, text or other documents, and more. It seems to be that encrypted data is given an additional extension of digits and letters. For instance, an encrypted photograph could look like this: photo.jpg. 31392E30362E32303136_06_LSBJ1. Nevertheless, it would appear to be that there could be a lot of different variations. Also, researchers do not reject the idea that Kozy.Jozy Ransomware could be put up for sale as a kit. It means that other cyber criminals could purchase the malware, modify it, and release it. It would explain a variety of different variants and extensions.

Furthermore, Kozy.Jozy Ransomware creates a Registry entry in the Run key, which is located in the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion directory. It creates a value name titles as “wall” that has the following value data: C:\Users\user\Desktop\w.jpg. This is how the malware is able to open w.jpg file every time you log on. As you see from its path, this file should be placed on users’ Desktop. The image serves its purpose as a warning message to the victim of the infected PC. It says that data on the user’s computer was encrypted with the RSA-2048 algorithm. Also, it states that this algorithm is resistant, and if users try to restore the data themselves, it would be harmed beyond recovery. Since no one created a decryptor yet, it only proves how difficult this algorithm is.

Kozy.Jozy Ransomware’s warning note also says that users should contact the malware’s creator through email (kozy.jozy@yahoo.com). It is most likely that the reply letter would state how much money users would have to pay and the instructions on how to make the payment. Also, the text could include threats of what could happen if you do not put up with demands. For example, the cyber criminals could say that they will delete the decryption key or double the ransom. In any case, you have to understand that they are only after your money and what happens to your data does not concern cyber criminals.

The ransomware should be spread through malicious email attachments. It seems that the file should have a title written in the Russian language. Also, the malicious file itself might look like a text document, but it should be an executable file. Thus, to remove Kozy.Jozy Ransomware you have to erase this malicious file. However, the w.jpg file will still be opened through the Windows Photo Viewer when you log on to your computer. Thus, to completely get rid of the ransomware, you should erase the file from your Desktop and delete the Registry entry that is set to load it. This malware replaces your wallpaper picture too, but you can change it normally through the Windows Desktop Background settings. If this seems too complicated or you want to make sure that your system is clean from malware, download a trustworthy antimalware tool and use it eliminate the infection.

Remove Kozy.Jozy Ransomware

1. Open the Explorer (Win+E).
2. Locate the malicious file (might be in the Desktop, Downloads, or Temporary Files folders).
3. Mark the infected file, right-click it and select Delete.
4. Close the Explorer, then press Win+R, type regedit and click OK.
5. Navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
6. Locate a value name titles as wall (must have the following value data: C:\Users\user\Desktop\w.jpg).
7. Right-click the value name and select Delete.
8. Go to your Desktop and right click w.jpg to erase it.
9. Empty Recycle bin.