OzozaLocker targets Windows OS and is distributed via spam emails containing a malicious executable named CryptoSolution.exe. Once executed, OzozaLocker modifies the Windows Registry in order to encrypt files on startup. It encrypts files using AES and appends .locked to the encrypted file names. It then drops a ransom note named HOW TO DECRYPT YOU FILES.txt on the infected system. The ransom demand payment is 1 Bitcoin and asks victims to contact email@example.com to pay.