What is Odin Ransomware
Odin Ransomware is the latest version of the infamous Locky ransomware. As we know, previously it added .locky and .zepto extensions. Now it uses .odin extension. Technically, it is the same Locky virus, that uses same asymmetric cryptography. However, now key is changed and currently AutoLocky Decryptor that was able to decrypt .locky files can do nothing with .odin files. Now ransomware uses system process (rundll32.exe) to execute malicious process and start encryption process. Odin changes desktop background image to the same picture with instructions to pay the ransom. Ransom is huge (3 BitCoins or ~$1800). Malware creates 3 files (_HOWDO_text.html, _HOWDO_text.bmp, and _HOWDO_text.html) and copies them to the folder with encrypted files.
Note: Hackers usually do not send any decryptors or decryption keys even if you pay them. Wait until working decryptor appears or try to restore .odin files manually from backup or using instructions below.
In this article you will find complete guide to remove Odin ransomware and decrypt .odin files in Windows 10, Windows 8, Windows 7 and earlier versions.
How Odin Ransomware infected your PC
Download Odin Ransomware Removal Tool
To remove Odin Ransomware completely we recommend you to use SpyHunter from EnigmaSoftware Group LLC. It detects and removes all files, folders and registry keys of Odin Ransomware.
As a good free alternative to remove Odin Ransomware use Malwarebytes Anti-Malware. It will detect core files and processes of Odin ransomware and eliminate them to allow you start decryption of your files.
How to remove Odin Ransomware manually
It is not recommended to remove Odin Ransomware manually, for safer solution use Removal Tools instead.
Odin Ransomware files:
Odin Ransomware registry keys:
How to decrypt and restore .odin files
Use automated decryptors
Odin Ransomware allows user to decrypt 1 file for free. This can be used to attempt and decrypt all files by determining encryption key using this decrypted file and comparing it with encrypted one using special tools. Ransomware decryptor from Kaspersky may be useful in this case. It is free and easy to use. Download Kaspersky Ransomware Decryptor here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
If you are infected with Odin ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there is other dates in the list choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses like Odin Ransomware in future
Use Malwarebytes Anti-Ransomware Beta
Famous anti-malware vendor Malwarebytes along with EasySync Solutions created tool that will help you with active anti-ransomware protection as additional shield to your current protection.
Use HitmanPro.Alert with CryptoGuard
Dutch vendor of legendary cloud-based scanner HitmanPro – Surfright released active antivirus solution HitmanPro.Alert with CryptoGuard feature that effectively protects from latest versions of cryptoviruses.