Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

ODIN Ransomware

ODIN Ransomware is a new variant of the famous Locky Ransomware that has infected hundreds of computers and encrypted tons of files since its release. Because ODIN Ransomware is a variant of Locky Ransomware, the two inevitably share similarities. First, research carried out by specialists working at pcthreat.com has shown that ODIN Ransomware also encrypts files so that it can then extort money from users. Second, both versions create files on the Desktop after they finish encrypting personal files. Third, they both use the AES-128 and RSA-2048 encryption methods. One major difference has been spotted as well: while a newer version of Locky Ransomware added the .ZEPTO filename extension, ODIN Ransomware uses the .ODIN extension for encrypted files. The presence of the new filename extension is the main symptom that the ransomware has sneaked onto the computer and has already encrypted the files it found on the system. It will then try to convince users to purchase the decryptor to unlock those files. Buying it might be the only way to unlock the files; however, specialists still do not think it is smart to make a payment, because nobody knows whether the cyber criminals are really willing to send users the private key. There might also be a way to get the files back without this key: for instance, users who have copies of their files can easily restore them right after removing ODIN Ransomware, without transferring the money its developers require.

ODIN Ransomware encrypts files in many different formats. It has been found to encrypt the files users consider most valuable, e.g. those with the following filename extensions: .ogg, .doc, .mpeg, .avi, .wmv, .fla, .docx, .csv, .xlsm, .xlsb, .ppsx, .pptx, .txt, .xls, .csr, .hbk, .erf, and others. It then sets the picture _HOWDO_text.bmp as the Desktop background and drops _HOWDO_text.html and _[2 digit number]_HOWDO_text.html on the computer. These files contain the ransom note. They not only inform users that all their files are encrypted with the RSA-2048 and AES-128 ciphers, but also provide links. The first two links lead to Wikipedia, while the other two lead to the “decryptor page” with instructions on how to unlock the files. As it is written there, users have to buy 3 Bitcoins and then send them to the cyber criminals. It is one of the highest ransoms (~$1800) that ransomware infections demand these days. The amount of money it wants from you is really huge, so you should keep the money to yourself. In fact, you should not make a payment even if you can afford the decryption key because, as we have already told you in the 1st paragraph, there are no guarantees that you will get it and be able to unlock your data.

Before we start talking about the ODIN Ransomware removal, we want you to know how ransomware infections are distributed so that you can prevent them from entering your computer in the future. Research carried out by our specialists has revealed that ODIN Ransomware is usually spread via spam and phishing campaigns. In most cases, this threat comes as a WS (Windows Script) or JS (JavaScript) attachment in a spam email. If a user double-clicks on such an attachment, the DLL installer is immediately downloaded and decrypted. Then Rundll32.exe, which is a legitimate Windows program, is used to launch the .dll. The ransomware infection will start encrypting personal files the second it manages to sneak onto the computer. Ransomware infections are extremely prevalent these days, so if you do not wish to encounter such a file-encrypting infection again, you have to stay away from spam emails and their attachments. On top of that, it is a must to install a trustworthy security tool that will protect your computer from dangers 24/7.

Personal files will not be unlocked even if you delete ODIN Ransomware fully from your computer, but it is still a must to remove it if you wish to use your PC without any fear that your files will be encrypted again. To remove ODIN Ransomware fully from the system, you need to delete the Windows Script or JavaScript file you opened. You should also change your wallpaper and remove the files (.bmp and .html) this infection has created. If you feel that you need some help, use the step-by-step instructions you will find below this article. Alternatively, you can remove ODIN Ransomware automatically by scanning the system once with a reputable antimalware tool, such as SpyHunter.

How to remove ODIN Ransomware

  1. Locate the malicious file (WS or JS script) you have opened and then remove it.
  2. Tap Win+R to launch Run.
  3. Type regedit.exe into the box and tap Enter.
  4. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers.
  5. Locate the Value BackgroundHistoryPath and right-click on it.
  6. Select Modify.
  7. Clear the Value data.
  8. Open HKCU\Control Panel\Desktop and right-click on the Wallpaper Value.
  9. Select Modify and clear the Value data field.
  10. Close the Registry Editor and tap Win+E.
  11. Type %Temp%\MicroImageDi in the address bar.
  12. Press Enter.
  13. Delete _HOWDO_text.bmp.
  14. Remove _HOWDO_text.html, _[2 digit number]_HOWDO_text.html, and _HOWDO_text.bmp files from Desktop.
  15. Empty the Recycle bin.
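
The registry and file steps above can be audited with a short PowerShell script. This is an added example, not part of the original article or of any vendor tool. Assumptions: the `-Remove` switch and the output labels are hypothetical names, all of %Temp% is searched rather than a single subfolder, and locating the opened attachment (step 1) stays a manual task.

```powershell
# Added example: audit, and optionally clean, the ODIN artifacts named in the steps above.
param([switch]$Remove)   # hypothetical switch; without it the script only reports

# Ransom-note names from the article: _HOWDO_text.bmp/.html and _NN_HOWDO_text.html
$notePattern = '^_(\d{2}_)?HOWDO_text\.(html|bmp)$'

# Registry values from steps 4-9. The history value is matched by prefix so that
# numbered variants of BackgroundHistoryPath are covered as well.
$regTargets = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers'; Value = 'BackgroundHistoryPath*' },
    @{ Key = 'HKCU:\Control Panel\Desktop'; Value = 'Wallpaper' }
)
foreach ($t in $regTargets) {
    if (-not (Test-Path -LiteralPath $t.Key)) { continue }
    $props = Get-ItemProperty -LiteralPath $t.Key
    foreach ($p in $props.PSObject.Properties) {
        # Only touch values that actually point at the ransom bitmap
        if ($p.Name -like $t.Value -and "$($p.Value)" -match 'HOWDO_text\.bmp') {
            Write-Output "REGISTRY  $($t.Key)\$($p.Name) = $($p.Value)"
            if ($Remove) { Set-ItemProperty -LiteralPath $t.Key -Name $p.Name -Value '' }
        }
    }
}

# Steps 11-14: ransom notes on the Desktop and the dropped bitmap under %Temp%
$desktop     = [Environment]::GetFolderPath('Desktop')
$candidates  = @(Get-ChildItem -LiteralPath $desktop -File -ErrorAction SilentlyContinue)
$candidates += @(Get-ChildItem -LiteralPath $env:TEMP -File -Recurse -ErrorAction SilentlyContinue)
$notes = @($candidates | Where-Object { $_.Name -match $notePattern })
foreach ($f in $notes) {
    Write-Output "NOTE      $($f.FullName)"
    # Remove-Item deletes permanently, so nothing is left in the Recycle Bin
    if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
}

# Encrypted files are counted only, never deleted: the count shows how much
# has to be restored from backup copies.
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.odin' -File -Recurse -ErrorAction SilentlyContinue)
Write-Output "ENCRYPTED $($encrypted.Count) file(s) with the .odin extension under $env:USERPROFILE (left in place)"
```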