A report on the .odin extension
Recently a new variant of the Locky ransomware was discovered by @dvk01uk. It switches from the .ZEPTO extension to a new variant that appends the .odin extension to the users' files it encrypts. This ransomware uses an extremely effective encryption technique that combines the RSA-2048 and AES-1024 ciphers. If a user has been infected and believes the infection is an "Odin Ransomware", that is not the case: the infection is the Locky ransomware, which uses the .odin extension for the files it encrypts. As with previous variants, it spreads via spam email attachments such as JS and WS (Windows Script File) files. If you double-click one of these files, it downloads an encrypted DLL installer that encrypts the user's files, and this program is executed using the Windows program Rundll32.exe.
The command line that is executed to start the DLL is:
Once this command has run successfully, this Locky variant starts the encryption process and renames the user's files with the .odin extension; the ransom note names have also changed. The ransom notes generated by this new variant are named:
_HOWDO_text.html, _HOWDO_text.bmp, and _[2_digit_number]_HOWDO_text.html.
Security experts say this variant is very similar to the original: it continues to use TOR-based command and control and targets file extensions including .doc, .ott, .csr, .key, .xls, .pdf, etc.
This .odin extension virus can lock the user's data on local and shared drives, making it inaccessible to you, and afterwards it displays a ransom note on your screen in HTML form, named like "_HELP_instructions.", which you can open in a standard web browser. It has been observed that the attackers generally demand a ransom of between 0.5 and 1 Bitcoin, or 300 to 600 USD. It may also delete important files and documents from your system.
After encryption the attackers present a ransom note telling you to pay the ransom and decrypt all your files by purchasing the decryption key, but think twice before doing so. This is all a trick used by the attackers to cheat you: there is no guarantee that they will provide the decryption key after the ransom is paid, so do not fall into the trap. You can protect yourself with the most widely used technique, backing up your data. A backup can be a lifesaver for your system in the event of a ransomware attack, so always keep a good backup of your important files and documents.
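The renaming to .odin and the _HOWDO_text ransom-note names described above are the indicators a responder would look for on a share listing. The following is an added example (not from the original post or from any vendor tool) that triages a list of file paths for those indicators; the file listing, the hex-style encrypted file names and the `triage` function are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Ransom-note names quoted on the page: _HOWDO_text.html, _HOWDO_text.bmp
# and _[2_digit_number]_HOWDO_text.html (e.g. _07_HOWDO_text.html).
RANSOM_NOTE_RE = re.compile(
    r"^(?:_HOWDO_text\.(?:html|bmp)|_\d{2}_HOWDO_text\.html)$", re.IGNORECASE
)
ENCRYPTED_EXT = ".odin"

def is_ransom_note(name: str) -> bool:
    """True if a bare file name matches one of the Locky .odin ransom-note names."""
    return bool(RANSOM_NOTE_RE.match(name))

def triage(paths: List[str]) -> Dict[str, object]:
    """Summarise .odin indicators in a list of Windows paths: how many files
    carry the .odin extension per directory, and where ransom notes were dropped.
    An infection is flagged only when both indicators are present."""
    encrypted_by_dir: Dict[str, int] = {}
    notes: List[str] = []
    for p in paths:
        path = PureWindowsPath(p)
        if path.suffix.lower() == ENCRYPTED_EXT:
            d = str(path.parent)
            encrypted_by_dir[d] = encrypted_by_dir.get(d, 0) + 1
        elif is_ransom_note(path.name):
            notes.append(p)
    return {
        "encrypted_total": sum(encrypted_by_dir.values()),
        "encrypted_by_dir": encrypted_by_dir,
        "ransom_notes": notes,
        "likely_infected": bool(encrypted_by_dir) and bool(notes),
    }

# Constructed sample listing (not real data): two renamed files, three notes.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\1A2B3C4D5E6F7A8B.odin",
    r"C:\Users\alice\Documents\_HOWDO_text.html",
    r"C:\Users\alice\Documents\_HOWDO_text.bmp",
    r"C:\Users\alice\Pictures\F00DBAAD9988.odin",
    r"C:\Users\alice\Pictures\_07_HOWDO_text.html",
    r"C:\Users\alice\Desktop\notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```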
Manual Process to Delete .odin extension