Kozy.Jozy Ransomware

What is Kozy.Jozy Ransomware?

Kozy.Jozy Ransomware is another computer infection developed in Russia. Although specialists consider it Russian ransomware, it does not spread only in Russia, so it can reach your system too if you are not careful. The first symptom of an infection is a set of encrypted files. They are easy to recognise: Kozy.Jozy Ransomware appends a new filename extension to every file it touches, and the files can no longer be opened. Researchers working at anti-spyware-101.com have found that this infection uses RSA-2048, an asymmetric encryption algorithm, which means that files will not be unlocked even if you remove Kozy.Jozy Ransomware from your computer. That does not mean you should keep it on your computer, because it might encrypt your new files as well. Ransomware infections are not simple threats that ship with uninstallers and can be erased easily, so we are 99% sure that you will need our help to delete it. This article explains how to remove the threat, and the manual removal instructions follow below. Use them only after you have read the article in full.

What does Kozy.Jozy Ransomware do?

Research has revealed that Kozy.Jozy Ransomware changes the Desktop background immediately after it finishes encrypting all the files. The message is also opened again after the computer restarts, even though the Desktop wallpaper has already been changed. To do that, the threat creates the wall value in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. As Kozy.Jozy Ransomware is known to be Russian ransomware, it is not surprising that the wallpaper message is in Russian:

ВАШИ ФАйлы ЗАШИФРОВАНЫ! с использованием очень стойкого алгоритма RSA-2048. Попытки восстановить файлы самостоятельно приведут лишь к их безвозвратной порче. Если же они вам нужны то отправьте один из пострадавших файлов на ящик

In short, the message says that all the files have been encrypted with the RSA-2048 encryption algorithm and that users have to write an email to kozy.jozy@yahoo.com, attaching one of the encrypted files, to find out how to decrypt the remaining data.

All the encrypted files get a new filename extension, for example, .31392E30362E32303136_06_LSBJ1; however, this ransomware infection might use other variants too (e.g. .31392E30362E32303136_(0-20)_ZHM1 and .31342E30362E32303136_(0-20)_KTR1), which proves that other cyber criminals can buy the basic version of this infection and then customize it according to their needs. You have probably already noticed that almost all your personal files have a new extension and are encrypted. We know that you badly need those files back; however, we are also sure that cyber criminals do not unlock files for every user who transfers money. You will not be able to unlock those files yourself either; however, we believe that a free decryption tool will be released by specialists in the future. It is better to wait for it or to recover files from a backup than to pay. Believe us, the ransom this infection asks users to pay is not small.

Where does Kozy.Jozy Ransomware come from?

Research has shown that this ransomware is spread like other well-known ransomware infections, e.g. Cerber Ransomware, Dr Jimbo Ransomware, and Crypt38 Ransomware, which are quite popular these days. More specifically, this threat pretends to be a legitimate file and arrives as an attachment in spam emails. Users do not think that these files are harmful because they usually look like simple documents, e.g. карточка ООО Скрит.docx.exe, and so they download and open them without fear. This is the moment they allow the malware onto their computers. Of course, we do not say that it cannot find other ways to enter your system as well. To make sure that another ransomware infection cannot enter your PC, you should install reputable antimalware software.

How to delete Kozy.Jozy Ransomware

It is a must to delete Kozy.Jozy Ransomware from the system as soon as possible so that it cannot encrypt new files. We hope that it will not be hard for you to do that using our manual removal instructions. Unfortunately, your .dbf, .tar, .7z, .zip, .tif, .png, .psd, .jpeg, .xlsx, .pptx, .accdb, .mdb, .odt, .odb, and .odg files will not be unlocked for you. It would also be smart to scan the system with the SpyHunter scanner after you have fully deleted Kozy.Jozy Ransomware, because your PC might contain other threats that have to be erased ASAP.

Remove Kozy.Jozy Ransomware

  1. Find the malicious file you have downloaded, e.g. карточка ООО Скрит.docx.exe.
  2. Delete it.
  3. Launch RUN (Win+R).
  4. Enter regedit.exe into the box and click OK.
  5. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  6. Locate the wall value, right-click on it, and select Delete.
  7. Remove w.jpg from Desktop.
  8. Empty the Recycle bin.
  9. Restart your computer.
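
The artefacts these steps target can be checked read-only before anything is deleted. The PowerShell below is an added example, not part of the original article or of any vendor tool; the two regular expressions and the list of decoy document extensions are assumptions generalised from the samples the article quotes.

```powershell
# Added example: read-only triage for the Kozy.Jozy artefacts named in this article.
# Nothing is deleted; review the report, then follow the manual steps above.
$runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$desktop = [Environment]::GetFolderPath('Desktop')

# Assumption: extension shape generalised from the three samples in the article,
# <20 hex chars>_<index 0-20>_<tag>, e.g. .31392E30362E32303136_06_LSBJ1
$extPattern = '\.(?<hex>[0-9A-F]{20})_(?<idx>\d{1,2})_(?<tag>[A-Z0-9]+)$'
# Assumption: document-looking names that really end in .exe (list is illustrative)
$decoyPattern = '\.(docx?|xlsx?|pdf|rtf|jpe?g)\.exe$'

function ConvertFrom-HexAscii([string]$Hex) {
    # The hex run is ASCII text: 31392E30362E32303136 decodes to "19.06.2016"
    $chars = for ($i = 0; $i -lt $Hex.Length; $i += 2) {
        [char][Convert]::ToByte($Hex.Substring($i, 2), 16)
    }
    -join $chars
}

# Steps 5-6: is the "wall" autorun value present, and what does it launch?
$wall = (Get-ItemProperty -Path $runKey -Name 'wall' -ErrorAction SilentlyContinue).wall

# One pass over the user profile, reused for both file checks
$files = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue

# Steps 1-2: candidate malicious attachments with a double extension
$decoys = @($files | Where-Object { $_.Name -match $decoyPattern })

# Encrypted files, collected per variant so each suffix is reported once
$variants = @(foreach ($f in $files) {
    $m = [regex]::Match($f.Name, $extPattern)
    if ($m.Success) {
        [pscustomobject]@{ Hex = $m.Groups['hex'].Value; Tag = $m.Groups['tag'].Value }
    }
})
$summary = @($variants | Group-Object Hex, Tag | ForEach-Object {
    '{0} files: tag {1}, prefix decodes to "{2}"' -f $_.Count, $_.Group[0].Tag,
        (ConvertFrom-HexAscii $_.Group[0].Hex)
})

[pscustomobject]@{
    RunValueWall       = $wall                                                  # steps 5-6
    DesktopWJpg        = Test-Path -LiteralPath (Join-Path $desktop 'w.jpg')    # step 7
    DoubleExtensionExe = $decoys.FullName                                       # steps 1-2
    EncryptedVariants  = $summary
} | Format-List
```

An empty RunValueWall, a False for DesktopWJpg and no double-extension executables after step 9 indicate that the manual removal took effect; the encrypted files stay listed because removal does not decrypt them.
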