Remove BOZON Ransomware Virus (DECRYPT .bozon FILES)

BOZON ransomware is a malicious virus that encrypts all data on infected computers

BOZON ransomware is a malicious computer virus that seeks to encrypt all files on target computers and demand ransoms from their users. Our researchers suggest that users typically download this threat via websites providing cracked software versions. After being launched on the target system, the ransomware encrypts all files on it and on connected drives and marks each file with the .bozon extension. To illustrate, a file originally named 1.jpg becomes 1.jpg.bozon, and the same process is repeated on all data. The virus also saves a ransom note file called FILE RECOVERY.txt on the victim’s desktop.

The aim of the BOZON ransomware virus is to extort computer users after taking all of their personal files hostage. The ransom note called FILE RECOVERY.txt contains a message from the cybercriminals behind the attack, who suggest that the only way to decrypt files is to pay a ransom. They instruct the victim to send an email to a provided email address (mallox@tutanota.com) and attach one encrypted image or text file for test decryption. They also instruct the victim to include the personal ID (provided in the ransom note) in the email.

The criminals promise to respond quickly and send back the decrypted file to prove that they’re capable of decrypting all of the victim’s files. On top of that, they promise to state the ransom amount they demand.

No matter the circumstances, you should NOT PAY THE RANSOM. It rarely helps to restore access to lost files; moreover, by paying up, you would help cybercriminals fund further criminal operations and infect more people. Finally, cybercriminals tend to have a habit of targeting victims who are willing to pay the ransom. For more information regarding ransomware response, check the official FBI recommendations.

Ransomware-type viruses often travel alongside other malware, such as password-stealing Trojans or cryptocurrency miners. For this reason, we recommend that you remove the BOZON ransomware virus and related threats without delay. In order to restore your computer to a clean state, boot your PC in Safe Mode with Networking (use the instructions provided below) and run an up-to-date antivirus to ensure complete malware removal. Afterward, we recommend downloading RESTORO and performing a full system scan to identify files that can be repaired from virus damage.

Ransomware Summary

Name: BOZON Ransomware Virus
Type: Ransomware; Crypto-malware; Virtual Extortion Virus
Family: BOZON
Extension: .bozon
Cybercriminal emails: mallox@tutanota.com
Damage: The ransomware encrypts all files, marks them with the .bozon extension and drops the FILE RECOVERY.txt ransom note on the computer’s desktop. The virus deletes Volume Shadow Copies from the system to prevent easy data recovery for the victim. It may intentionally infect the victim’s computer with additional malware.
Ransom note: FILE RECOVERY.txt
Ransom demand: $400-$900 in Bitcoin
Distribution: Spreads via illegal torrent downloads, software cracks, key generators, tools like KMSPico and phishing email attachments
Detection names: Trojan:Win32/Sabsik.FL.B!ml (Microsoft), Gen:Trojan.Mardom.MN.9 (B) (Emsisoft), HEUR:Trojan-Downloader.MSIL.Seraph.gen (Kaspersky), Gen:Trojan.Mardom.MN.9 (BitDefender), Trojan.Downloader.MSIL.Generic (Malwarebytes), ML.Attribute.HighConfidence (Symantec); see all detection name variations on VirusTotal
Removal: Remove ransomware and related malware from your PC using trustworthy software. To repair virus damage on Windows OS files, consider scanning with RESTORO.

Screenshot of FILE RECOVERY.txt ransom note dropped by this ransomware.

Screenshot of data folder containing files encrypted by BOZON ransomware.

How ransomware-type viruses are distributed

Ransomware-type computer threats like the BOZON virus usually await potential victims in illegal online downloads, mostly pirated software versions. Victims tend to download them via peer-to-peer file sharing clients or directly from rogue websites offering password-protected .ZIP or .RAR archives. After the alleged installation setup is opened, the malicious program begins modifying system settings, dropping additional executables and ransom notes, and encrypting the victim’s files stored on the computer.

Avoid searching for free versions of premium software, as these are packed with malware most of the time. When you need a specific program, check its official developer’s website or look for deals on confirmed partners’ websites.

Another typical ransomware distribution method relies on phishing emails composed to look like they’re coming from a trustworthy entity, such as a well-known company or even a government. The criminals tend to create malware-injected documents that may come in DOCX, PDF, XLS, JS and other formats. Once launched, the malicious script injected in these files activates to download and run the ransomware payload on the computer.

For this reason, stay away from emails you did not expect to receive. Also ignore emails that raise even the slightest suspicion, for instance, if you can spot many typos, a suspicious greeting line or a spoofed email address.

Finally, victims may get infected if they click on suspicious ads online, especially those that aggressively claim you need to install some software updates. Fake software update tools are typically used to spread junkware or severe malware, so you should avoid them at all costs. If you want to install legitimate and secure software updates, you should check for them via your software’s settings directly or head to its official developer’s website.

Remove BOZON Ransomware Virus and Decrypt Your Files

In case you’ve fallen victim to a ransomware attack, it is important to stop the malware before it does more damage to your system. For this reason, we recommend that you remove the BOZON ransomware virus and related malware from your computer using the instructions provided below. Booting the PC in Safe Mode with Networking helps to neutralize malicious processes and make them unable to stop your security software from identifying dangerous files.

An additional tool we recommend using after BOZON ransomware virus removal is RESTORO. It is an excellent tool for identifying and repairing virus damage on Windows OS files. If you have a drive containing a data backup, then you can restore your files using it, but make sure you plug it into your computer only after removing all threats from your computer.

BOZON Ransomware Virus Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in this mode, but you can find additional ones in the in-depth tutorial on our website, How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing the F8 key on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use the arrow keys on the keyboard to navigate down to the Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open the Windows Start menu, then press the Power button. On your keyboard, press and hold the Shift key, and then select the Restart option.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove BOZON Ransomware Virus files. It is very hard to identify files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and instantly start pressing the F8 key on your keyboard repeatedly in 1-second intervals. You will see the Advanced Boot Options menu.
  2. Using the arrow keys on the keyboard, navigate down to the Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch the Windows Start menu, then click the Power button. On your keyboard, press and hold the Shift key, and then choose the Restart option with the mouse cursor.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press the F6 key.

Step 2. Start System Restore process

  1. Wait until the system loads and the command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in the command prompt and hit Enter.
  3. This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
  4. Click Yes to begin the system restoration process.
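
Picking a restore point "created before ransomware infection" needs an estimate of when encryption began. The read-only script below is an added example, not part of the original guide: it walks a folder, lists files carrying the .bozon extension and copies of FILE RECOVERY.txt, and reports the earliest modification time among them. It assumes the ransomware did not reset file timestamps, so treat the result as an estimate; the function name triage and the report keys are illustrative.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".bozon"           # extension named on this page
RANSOM_NOTE = "FILE RECOVERY.txt"  # ransom note name named on this page

def triage(root):
    """Read-only walk of root: list BOZON indicators and their earliest mtime."""
    encrypted, notes, unreadable = [], [], []
    original_types = Counter()
    earliest = None
    # Record directories that cannot be listed instead of aborting the scan.
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            lower = name.lower()
            is_note = lower == RANSOM_NOTE.lower()
            is_enc = lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT)
            if not (is_note or is_enc):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                unreadable.append(path)
                continue
            if is_enc:
                encrypted.append(path)
                # "1.jpg.bozon" -> ".jpg": shows which file types were hit
                stem = name[: -len(ENCRYPTED_EXT)]
                original_types[os.path.splitext(stem)[1].lower() or "(none)"] += 1
            else:
                notes.append(path)
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "original_types": dict(original_types),
        "unreadable": unreadable,
        "earliest_utc": (datetime.fromtimestamp(earliest, timezone.utc)
                         if earliest is not None else None),
    }

if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    print({k: len(report[k]) for k in ("encrypted", "notes", "unreadable")})
    print(report["original_types"], report["earliest_utc"])
```

The reported time is in UTC, while the System Restore window lists restore points in local time.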

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remnants, but it never hurts to double-check. In addition, we highly recommend checking the ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
