.Odin Extension – Research Report
The very latest variant of Locky ransomware is in the wild, called .Odin Extension. Locky usually appends the .zepto extension to encrypted files, but this variant appends the .Odin extension and leaves a ransom note behind. .Odin Extension is distributed via spam emails that carry a malicious WSF (Windows Script File) as an attachment. It uses an extremely effective encryption engine that combines the RSA-2048 and AES-128 ciphers to encrypt victims' files. These two ciphers are also used at military bases and other government organizations to secure highly classified data, so you can imagine how difficult it will be to restore corrupted files. But you don't need to panic: we've found alternative methods that might help you decrypt your files. Before moving on to the file decryption process, you need to delete .Odin Extension completely from your system, so we suggest you read the article thoroughly.
How does .Odin Extension Encrypt Your Files?
Once you download and execute the WSF attachment, an exploit kit is downloaded from the hacker's website as an encoded file without any specific extension. That file is then decoded into a Windows Dynamic Link Library (DLL), and the exploit kit is launched using rundll32.exe. It searches for certain stored file types and encrypts them using the combined RSA-2048 and AES-128 ciphers. Encrypted files are also renamed, for example from Flower.jpg to Flower.Odin. In other words, this ransomware appends the .Odin extension to all encrypted files.
After the file encryption process completes, .Odin Extension replaces the default desktop wallpaper with a BMP image that displays the ransom text on the PC screen. It also leaves ransom notes, under different names, alongside the corrupted files. The ransom notes linked to the .Odin Extension variant of Locky use the following file names:
_16_HOWDO_text.html
_HOWDO_text.bmp
_HOWDO_text.html
.Odin Extension is designed to encrypt the following types of files, which might be stored on the PC's local drives, external drives and mapped network drives.
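To gauge how far the encryption reached, a folder tree can be swept for the .Odin extension and the ransom-note names listed above. The script below is an added example, not part of the original report; the function names and the sample folder layout are constructed for illustration, and accepting any numeric prefix in the note name (as in "_16_") is an assumption.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the article: the appended extension and the ransom-note names.
ENCRYPTED_EXT = ".odin"
# Assumption: the "_16_" in one note name is a variable number, so any numeric
# prefix is accepted. All three names listed in the article match this pattern.
NOTE_RE = re.compile(r"^_(?:\d+_)?HOWDO_text\.(?:html|bmp)$", re.IGNORECASE)

def scan(root):
    """Walk root; return {directory: {"encrypted": [...], "notes": [...]}} for hits only."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NOTE_RE.match(name):
                hits[dirpath]["notes"].append(name)
            elif os.path.splitext(name)[1].lower() == ENCRYPTED_EXT:
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def summarize(hits):
    """Return (count of .odin files, directories holding both a note and .odin files)."""
    total = sum(len(h["encrypted"]) for h in hits.values())
    confirmed = sorted(d for d, h in hits.items() if h["notes"] and h["encrypted"])
    return total, confirmed

def build_sample_tree(base):
    """Create constructed sample folders (empty files) that mimic an affected tree."""
    layout = {
        "Pictures": ["Flower.Odin", "Beach.odin", "_HOWDO_text.html"],
        "Docs": ["report.docx", "_16_HOWDO_text.html"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, confirmed = summarize(scan(tmp))
        print(f"{total} .odin file(s); note + encrypted files in: {confirmed}")
```

Pointing `scan()` at a real drive root or a mapped network share gives the list of affected folders to compare against backups.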
.Odin Extension – How to keep Your Data and PC safe?
As you might know, this variant of Locky ransomware has become a direct threat to PC users, whether they are ordinary people or business organizations. Once your files are encrypted, it is nearly impossible to decrypt the data unless a ransom is paid to the attackers. In most cases, even after victims paid the ransom, their files were not decrypted, meaning the decryption key they were given didn't work. Hence, it's better to be prepared before a ransomware attack. It is recommended to follow the precautions below:
- First of all, keep a clean backup of your data and store it on an external drive. Regular backups can help you recover your data easily, even in a critical situation.
- Purchase the full version of a reliable antivirus product from a local store or online and install it on your PC. Keep your PC's software up to date.
- Apply the recommended security settings for your PC's Windows OS and all other software.
- Most importantly, do not click suspicious links or download attachments in emails sent by unexpected sources.
Guide to Remove .Odin Extension Ransomware & Restore Original File
Step 1: Reboot Windows in Safe Mode with Networking.
Step 2: Kill .Odin Extension Ransomware Related Process From Task Manager?
- Then select the processes and click on the “End Process” button to terminate the related tasks.
Step 3: How to Uninstall .Odin Extension Ransomware From Windows Control Panel?
- Find and remove all .Odin Extension Ransomware related and other suspicious software from the installed programs list.
Note: The manual removal process might corrupt your Windows operating system if you delete system files, even by mistake. If you are not a technical person, it is recommended to download reliable, multi-layered security software to remove .Odin Extension (Locky) ransomware automatically from your PC.
How to Restore .Odin Extension Ransomware Encrypted Files?
Method: Using File Recovery Software
Some variants of the ransomware don't delete the Shadow Copies of your original files. Hence, in order to restore your original files, you can use File Recovery Software. It is programmed to help PC users restore deleted or encrypted files easily.
- To use File Recovery Software, first download and install it on your system.
- Find its shortcut on your Desktop or in the All Programs list, open it and select the C: drive from the left panel.
- In the date field, we recommend you select a time frame of at least a month ago, or a time when your computer was not infected.
- Afterwards, browse to the folder containing the encrypted data and select it.
- Now right-click on the encrypted data and files.
- Select the Export option and choose a specific destination folder for restoring the original files.