What is Odin ransomware, how to decrypt .odin files
12 MARCH 2019

In this article we will tell you about the most dangerous virus of recent months: Odin ransomware. It is a virus that gets onto users' computers via e-mail spam and encrypts all files on the computer. After that, it demands money from the user for decrypting the files. If you have encountered this problem, or simply do not want to become a victim of this virus and want to know more about it - this article is for you.
What is Odin ransomware
When the first sample of Odin was detected, users decided that they were facing a new kind of ransomware. However, a few days later researchers analyzed the virus and said that Odin is a new version of the infamous Locky virus, which has been terrorizing the Internet for more than six months. The creators of Locky ransomware want to protect themselves from anti-virus programs, and therefore periodically change the name of the virus and some elements of the code in order to impede the work of virus experts and independent researchers. So, after the Locky virus was hacked, the hackers released a version called Zepto, and Odin is the third version of Locky. Odin has retained almost all the major features of its predecessor, but there are still some changes, and we'll tell you about them.
The main characteristics of the virus remain unchanged. The list of file extensions to be encrypted and the encryption algorithm have not changed either. The first noticeable change is the names of the files with instructions. They are now called _HOWDO_text.html, _HOWDO_text.bmp, and _[2_digit_number]_HOWDO_text.html. The extension added to encrypted files has also changed; it is now .odin. And finally, the most important item in the list: the amount of the ransom. Normally, ransomware demands a ransom of 0.25 to 1.2 BTC, and some variants threaten to double the amount if payment is not made within the specified period. Odin immediately demands 3 BTC, which is a serious amount of money that you cannot just give away. We do not know why the hackers suddenly decided to raise their rates, but one thing is clear: far fewer people will be willing to pay a ransom for their data. Perhaps the hackers decided to set their sights on desktop computers and on infecting corporate networks, but it is unknown how this will work.
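The file names and the .odin extension listed above are enough to find out which folders on a disk were hit. The following read-only triage script is an added example, not part of the original article: its function names are hypothetical, and the sample tree it scans (including the name A1B2C3D4.odin) is constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article: the appended extension and the note names.
ENCRYPTED_EXT = ".odin"
NOTE_RE = re.compile(r"^_(?:\d{2}_)?HOWDO_text\.html$|^_HOWDO_text\.bmp$", re.I)


def classify(filename):
    """Return 'note', 'encrypted' or 'clean' for a single file name."""
    if NOTE_RE.match(filename):
        return "note"
    return "encrypted" if filename.lower().endswith(ENCRYPTED_EXT) else "clean"


def scan(root):
    """Walk root and return {directory: {'note': n, 'encrypted': n, 'clean': n}}."""
    report = defaultdict(lambda: {"note": 0, "encrypted": 0, "clean": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            report[dirpath][classify(name)] += 1
    return dict(report)


def affected(report):
    """Directories holding at least one encrypted file or ransom note, sorted."""
    return sorted(d for d, c in report.items() if c["note"] or c["encrypted"])


def build_sample_tree(root):
    """Constructed sample data: one affected folder, one untouched folder."""
    layout = {
        "docs": ["A1B2C3D4.odin", "_HOWDO_text.html", "_07_HOWDO_text.html"],
        "photos": ["holiday.jpg", "notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        for d in affected(result):
            print(d, result[d])
```

To check a real disk, call scan() on the folder or drive you want to inspect; the script only reads file names and changes nothing.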
The ways Odin ransomware gets onto users' computers have not changed. It still uses e-mail, so if you actively use e-mail, we advise you to carefully inspect messages with attachments before opening them. Using "sandbox" programs will also be very helpful, because they allow you to open a file without letting it into your system.
Odin ransomware removal
The Odin virus must be removed from your computer as soon as you receive the ransom message. This ensures that you can keep working on the infected computer without exposing new files to damage. Removing the virus is not in itself a difficult task, but we must warn you: once you remove the virus, data recovery through the hackers' website and payment of the ransom becomes unavailable. The virus contains a public key, as well as the personal ID of your computer, assigned by the hackers. Without this information you cannot recover data by paying, but it is worth asking whether the data can be decrypted that way at all. The hackers give you no guarantee that they can decrypt the files, or that they will do so after they get your money. In fact, you would be making a deal with the criminals who have already robbed you by stealing your files. Should we expect that this time they will behave honestly and decrypt the files AFTER they receive 3 BTC ($1800) from you?