Roza was first spotted in the wild in August 2016. It is a ransomware-type malware that encrypts the files on an infected computer and demands a ransom for the decryption key. Roza is believed to be a variant of the EDA2 Ransomware, which was first seen in 2015.
The biggest Roza Ransomware outbreak occurred in October 2016, when it targeted users of the Ukrainian government website. Roza has also been used in targeted attacks against businesses in Russia and Ukraine.
In November 2016, Roza Ransomware was spotted being distributed via the EITest campaign. This campaign uses malicious ads on legitimate websites to redirect victims to exploit kits that deliver this ransomware.
Roza is distributed via spam emails that contain malicious attachments or links.
Once executed, ransomware will scan the victim’s hard drive for certain file types and encrypt them using AES-256 encryption. The encrypted files will have the “.locked” extension added to their names.
After the encryption process is complete, Roza will display a ransom note named “README.txt” that contains instructions on how to pay the ransom and regain access to the encrypted files.
The ransom amount is currently unknown, but it is likely to be in the range of 1-2 Bitcoins. This ransomware is currently considered a low threat, but victims are advised not to pay the ransom as there is no guarantee that they will receive the decryption key.
To protect yourself, never open email attachments from unknown senders. If you must open an attachment, make sure that it is scanned with a reputable antivirus program before opening it. In addition, avoid clicking on links in emails from unknown senders. If you are unsure whether an email is legitimate, contact the company or sender directly to verify its authenticity before opening it. Also, make sure that your computer has a reputable antivirus program installed and that it is kept up-to-date. And finally, backup your important files regularly to an external drive or online service in case you need to restore them.
We recommend that you take the following steps:
Public decryption tool
There is no public decryption tool available for Roza at this time.
If you do not want to attempt to remove and decrypt Roza ransomware yourself, you may want to contact a data recovery company. We recommend the following company:
SalvageData is a data recovery service with over 15 years of experience. Our team of certified data recovery experts can help you get your files back. We offer a free evaluation so that you can see if we can recover your files before you make a decision. You can contact us at:
Toll-free number: 1-888-872-3282
Email: info@salvagedata.com
Website: https://www.salvagedata.com
Recovery mode is a crucial feature for troubleshooting and restoring an iPad when it encounters…
Whether you’re a professional juggling important work documents or an individual cherishing irreplaceable memories, safeguarding…
It's not uncommon to encounter issues where an external drive is not showing up on…
When restoring your iPhone from a backup, you may discover it is corrupted or incomplete.…
Backup and remote wiping procedures are two critical components of data security and management for…
VMware is a leading virtualization and cloud computing software provider. Its core technology allows multiple…