A malicious program called Cezor ransomware is another development of cybercriminals. Its principle of operation and its method of distribution are the same as those of the .Besub virus; the only difference is the .cezor file extension appended to the files it encrypts.
Once on the computer, this virus locks the files completely, so that not only can the user not open them, but they also become inaccessible to antivirus software. In this case, the only option to decrypt and unlock the files is to pay a ransom to the fraudsters who developed Cezor ransomware and who offer a key to decrypt the affected files for $980.
Text presented in the Cezor virus ransom note:
ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-i9Z5mq0D52
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
The creators of the Cezor file virus have made sure that the user immediately recognises what has infected the computer, as the affected files carry the .cezor extension. The scammers also leave the ransom note shown above, which states the amount of money to be paid to decrypt the files. As mentioned earlier, this is unfortunately the only way to decrypt .cezor files. After the user transfers the specified amount of money to the fraudsters, they provide a special key to decrypt the affected data.
However, transferring the money to the fraudsters is no guarantee that the user will receive a code to decrypt the affected files. Very often, after receiving the money, they make new demands for an even larger amount. It is impossible to predict what the cybercriminals who developed the Cezor ransomware will do, but it is safe to say that these actions are immoral and illegal.
Threat Summary
Name | Cezor |
Type | Filecoder, Crypto virus, File locker, Crypto malware, Ransomware |
Encrypted files extension | .cezor |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch, @datarestore (telegram) |
Ransom amount | $980 in Bitcoins |
Symptoms | Unable to open personal files. Files are encrypted with a .cezor file extension. A file named ‘_readme.txt’ or ‘_readme’ appears in every folder with an encrypted file. |
Distribution ways | Phishing email scam that attempts to scare users into acting impulsively. Malicious downloads that happen without a user’s knowledge when they visit a compromised web-site. Social media, such as web-based instant messaging programs. Flash Drives containing malware. |
Removal | Cezor ransomware removal guide |
Decryption | Cezor decryption guide |
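The symptoms listed above (a .cezor extension on encrypted files and a _readme.txt note in each affected folder) are enough to measure how far the encryption spread before any cleanup or restore. The following Python script is an added example, not part of the original guide or of any tool it mentions; the function names and the report layout are assumptions, and the walk is read-only.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".cezor"                   # extension from the Threat Summary
RANSOM_NOTES = {"_readme.txt", "_readme"}  # note names from the Symptoms row


def original_type(name):
    """'report.docx.cezor' -> '.docx', the type the file had before encryption."""
    stem = name[: -len(ENCRYPTED_EXT)]
    return os.path.splitext(stem)[1].lower() or "(none)"


def scan(root):
    """Walk root read-only and summarise what the ransomware touched."""
    report = {"encrypted": [], "by_type": Counter(), "note_dirs": [],
              "mixed_dirs": [], "errors": []}
    for folder, _dirs, files in os.walk(
            root, onerror=lambda exc: report["errors"].append(str(exc))):
        locked = plain = 0
        has_note = False
        for name in files:
            lower = name.lower()
            if lower in RANSOM_NOTES:
                has_note = True
            elif lower.endswith(ENCRYPTED_EXT):
                locked += 1
                report["encrypted"].append(os.path.join(folder, name))
                report["by_type"][original_type(name)] += 1
            else:
                plain += 1
        if has_note:
            report["note_dirs"].append(folder)
        if locked and plain:
            # Files here were not all renamed; check the survivors first.
            report["mixed_dirs"].append(folder)
    return report


if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(result['encrypted'])} encrypted files, "
          f"{len(result['note_dirs'])} folders with a ransom note")
    for ext, count in result["by_type"].most_common():
        print(f"  {ext}: {count}")
    for folder in result["mixed_dirs"]:
        print(f"  mixed folder: {folder}")
    for err in result["errors"]:
        print(f"  unreadable: {err}", file=sys.stderr)
```

Run it against a user profile or a data drive; the per-type counts show which kinds of documents need to come back from backup, shadow copies or file carving.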
Of course, paying the ransom cannot be considered the only correct way out when your computer is infected with the Cezor virus, as payment only helps the scammers’ illegal business prosper. The smart thing to do is to try to recover the affected files from a backup or to wait for the release of programs that can decrypt them. You can also try to decrypt files using the offline keys and free software listed below. To learn how to do this, read the following guide.
Quick links
- How to remove Cezor ransomware
- How to decrypt .cezor files
- How to restore .cezor files
- How to protect your personal computer from Cezor ransomware?
- To sum up
How to remove Cezor ransomware
Experienced security specialists have built efficient malware removal tools to aid users in removing ransomware, trojans and worms. Below we share the best malware removal utilities that can look for and remove the Cezor ransomware virus and other malicious software.
How to remove Cezor ransomware virus with Zemana AntiMalware (ZAM)
Zemana AntiMalware (ZAM) is a complete package of antimalware utilities that can help you remove Cezor ransomware virus. Despite so many features, it does not reduce the performance of your computer. Zemana has the ability to delete almost all the forms of ransomware including crypto virus, trojans, worms, adware, hijackers, PUPs and other malware. Zemana Free has real-time protection that can defeat most malicious software and ransomware. You can use Zemana AntiMalware (ZAM) with any other antivirus without any conflicts.
Now you can set up and use Zemana Anti-Malware (ZAM) to delete the Cezor ransomware virus from your computer by following the steps below:
Click the link below to download Zemana setup file named Zemana.AntiMalware.Setup on your PC system. Save it to your Desktop so that you can access the file easily.
Start the installer after it has been downloaded successfully and then follow the prompts to set up this utility on your system.
During setup you can change some settings, but we suggest you do not make any changes to default settings.
When the installation is done, this malicious software removal utility will automatically run and update itself. You will see its main window similar to the one below.
Now click the “Scan” button. The Zemana Free utility will start scanning the whole computer to find files, folders and registry keys related to the Cezor crypto virus. This process can take quite a while, so please be patient. When a threat is found, the count of security threats will change accordingly.
When the scan ends, you can check all items found on your computer. When you are ready, click the “Next” button.
Zemana Anti Malware will remove Cezor ransomware and move malicious items to the program’s quarantine. After disinfection is done, you may be prompted to restart your computer for the change to take effect.
Remove Cezor file virus with Kaspersky Antivirus
The Kaspersky virus removal tool is free and easy to use. It can scan and remove crypto virus like Cezor ransomware, malicious software, worms, trojans and other security threats. KVRT is powerful enough to find and delete malicious registry entries and files that are hidden on the PC.
Download Kaspersky virus removal tool (KVRT) on your system by clicking on the following link.
After the downloading process is complete, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is done, you will see the Kaspersky virus removal tool screen as shown in the figure below.
Click Change Parameters and tick all your drives. Press OK to close the Parameters window. Next, press the Start scan button to locate the Cezor file virus. This task can take some time, so please be patient. While the utility is scanning, you can see how many objects and files have already been scanned.
When the scan ends, KVRT will display a list of detected threats as displayed in the figure below.
Once you’ve selected what you wish to remove from your computer, click Continue to start the cleaning process.
How to decrypt .cezor files
With some variants of Cezor file virus, it is possible to decrypt encrypted files using free tools.
Michael Gillespie (@) released the Cezor decryption tool named STOPDecrypter. It can decrypt files if they were encrypted with one of the known OFFLINE KEYs retrieved by Michael Gillespie. Please check the twitter post for more info.
STOPDecrypter is a program that can be used for Cezor file decryption. One of the biggest advantages of STOPDecrypter is that it is free and easy to use. Also, its ‘OFFLINE KEYs’ DB is constantly updated. Let’s see how to install STOPDecrypter and decrypt .cezor files using this free tool.
- Installing STOPDecrypter is simple. First, download STOPDecrypter to your Windows Desktop from the following link: download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
- After the download is done, close all applications and windows on your machine. Open the file location. Right-click on the icon named STOPDecrypter.zip.
- Next, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, run STOPDecrypter. Select Directory and press the Decrypt button.
If STOPDecrypter does not help you to decrypt .cezor files, in some cases you still have a chance to recover the files that were encrypted by the ransomware. This is possible with the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.
How to restore .cezor files
In some cases, you can recover files encrypted by Cezor crypto malware. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted photos, documents and music.
Recover .cezor encrypted files using Shadow Explorer
A free utility named ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of Microsoft Windows 10 (8, 7, Vista). You can restore personal files encrypted by the Cezor crypto virus from Shadow Copies for free.
Visit the following page to download the latest version of ShadowExplorer for Windows. Save it on your Desktop.
When the download is complete, open the directory in which you saved it. Right-click ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as displayed on the image below.
Run the ShadowExplorer utility and then select the disk (1) and the date (2) of the shadow copy from which you want to restore the file(s) encrypted by the Cezor crypto virus, as displayed in the figure below.
Now navigate to the file or folder that you wish to recover. When ready, right-click on it and click the ‘Export’ button as on the image below.
Restore .cezor files with PhotoRec
Before a file is encrypted, the Cezor crypto virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file recovery software like PhotoRec.
Download PhotoRec on your MS Windows Desktop from the following link.
Once the download is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder similar to the one below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll open a screen as displayed on the image below.
Choose a drive to recover as displayed below.
You will see a list of available partitions. Choose a partition that holds encrypted files like the one below.
Click the File Formats button and select the file types to recover. You can enable or disable the recovery of certain file types. When this is finished, click the OK button.
Next, click the Browse button to select where recovered files should be written, then click Search.
The count of restored files is updated in real time. All recovered files are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.
When the restore is complete, press the Quit button. Next, open the directory where the restored photos, documents and music are stored. You will see contents as shown on the screen below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, you can sort your recovered files by extension and/or date/time.
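To sort the recovered files by extension and date as suggested above, the recup_dir.N folders can be indexed with a short script. This Python code is an added example, not part of PhotoRec or of the original guide; the function names are assumptions, and the only PhotoRec detail it relies on is the recup_dir.N folder naming described above.

```python
import os
import re
import sys
from collections import defaultdict

RECUP_DIR = re.compile(r"^recup_dir\.(\d+)$")  # folder names PhotoRec creates


def index_recovered(output_dir):
    """Map extension -> [(mtime, size, path)], newest first, across recup_dir.N."""
    index = defaultdict(list)
    numbered = []
    for entry in os.scandir(output_dir):
        match = RECUP_DIR.match(entry.name)
        if match and entry.is_dir():
            numbered.append((int(match.group(1)), entry.path))
    for _n, folder in sorted(numbered):          # recup_dir.2 before recup_dir.10
        for item in os.scandir(folder):
            if not item.is_file():
                continue
            info = item.stat()
            if info.st_size == 0:                # empty carve, nothing to open
                continue
            ext = os.path.splitext(item.name)[1].lower() or "(none)"
            index[ext].append((info.st_mtime, info.st_size, item.path))
    for entries in index.values():
        entries.sort(reverse=True)
    return dict(index)


def candidates(index, ext, min_size=0):
    """Recovered files of one type at least min_size bytes, newest first."""
    return [path for _mtime, size, path in index.get(ext.lower(), [])
            if size >= min_size]


if __name__ == "__main__":
    found = index_recovered(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext in sorted(found, key=lambda e: -len(found[e])):
        print(f"{ext}: {len(found[ext])} files, newest {found[ext][0][2]}")
```

Pass the folder chosen with the Browse button as the argument; `candidates(index, ".docx", min_size=4096)` narrows the search to one file type and skips small fragments.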
How to protect your personal computer from Cezor ransomware?
Most antivirus programs already have built-in protection against ransomware. Therefore, if your computer does not have an antivirus program, make sure you install one. As extra protection, run HitmanPro.Alert.
Run HitmanPro.Alert to protect your PC system from Cezor ransomware virus
HitmanPro.Alert is a small security utility. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
HitmanPro.Alert can be downloaded from the following link. Save it on your MS Windows desktop or in any other place.
Once the download is finished, open the file location. You will see an icon like the one below.
Double-click the HitmanPro.Alert desktop icon. Once the tool is started, you will see a window where you can select a level of protection, as displayed on the image below.
Now click the Install button to activate the protection.
To sum up
Now your machine should be clean of the Cezor ransomware virus. Remove Kaspersky virus removal tool and MalwareBytes Free. We recommend that you keep Zemana Free (to periodically scan your PC for new malware). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.
If you are still having problems while trying to delete Cezor crypto malware from your machine, then ask for help here.