OzozaLocker targets Windows OS and is distributed via spam emails containing a malicious executable named CryptoSolution.exe. Once executed, OzozaLocker modifies the Windows Registry in order to encrypt files on startup. It encrypts files using AES and appends .locked to the encrypted file names. It then drops a ransom note named HOW TO DECRYPT YOU FILES.txt on the infected system. The ransom demand payment is 1 Bitcoin and asks victims to contact firstname.lastname@example.org to pay.
UPDATE 5/2/2017: A new version appends .locked to encrypted file names and drops a ransom note named HOW TO DECRYPT YOU FILES.txt. The hacker behind this campaign uses the contact email email@example.com.
Image Source: Bleeping Computer