Roza Ransomware Data Recovery

History

Roza was first spotted in the wild in August 2016. It is a ransomware-type malware that encrypts the files on an infected computer and demands a ransom for the decryption key. Roza is believed to be a variant of the EDA2 Ransomware, which was first seen in 2015.

The biggest Roza Ransomware outbreak occurred in October 2016, when it targeted users of the Ukrainian government website. Roza has also been used in targeted attacks against businesses in Russia and Ukraine.

In November 2016, Roza Ransomware was spotted being distributed via the EITest campaign. This campaign uses malicious ads on legitimate websites to redirect victims to exploit kits that deliver this ransomware.

How does it work?

Roza is distributed via spam emails that contain malicious attachments or links.

Once executed, ransomware will scan the victim’s hard drive for certain file types and encrypt them using AES-256 encryption. The encrypted files will have the “.locked” extension added to their names.

After the encryption process is complete, Roza will display a ransom note named “README.txt” that contains instructions on how to pay the ransom and regain access to the encrypted files.

The ransom amount is currently unknown, but it is likely to be in the range of 1-2 Bitcoins. This ransomware is currently considered a low threat, but victims are advised not to pay the ransom as there is no guarantee that they will receive the decryption key.

Protection

To protect yourself, never open email attachments from unknown senders. If you must open an attachment, make sure that it is scanned with a reputable antivirus program before opening it. In addition, avoid clicking on links in emails from unknown senders. If you are unsure whether an email is legitimate, contact the company or sender directly to verify its authenticity before opening it. Also, make sure that your computer has a reputable antivirus program installed and that it is kept up-to-date. And finally, backup your important files regularly to an external drive or online service in case you need to restore them.

What to do if you are infected?

We recommend that you take the following steps:

• Do not pay the ransom.
• Use a reputable anti-malware program to scan your computer for Roza and other malware.
• If your files have been encrypted, there is no guarantee that they can be recovered. However, you may be able to use a data recovery program to recover some of your files. SalvageData data recovery software is known to be effective in some cases.
• Change all your passwords once your computer is clean.

Public decryption tool

There is no public decryption tool available for Roza at this time.

Contact a data recovery service

If you do not want to attempt to remove and decrypt Roza ransomware yourself, you may want to contact a data recovery company. We recommend the following company:

SalvageData Recovery Services

SalvageData is a data recovery service with over 15 years of experience. Our team of certified data recovery experts can help you get your files back. We offer a free evaluation so that you can see if we can recover your files before you make a decision. You can contact us at:

Toll-free number: 1-888-872-3282

Email: info@salvagedata.com

Website: https://www.salvagedata.com