Skip to content ↓ | Skip to navigation ↓

Do you remember the .Zepto Ransomware? Of course, you do. Well, you can more or less put it in the rear-view mirror. However, there is very little in the way of actual reasons for celebration. A new threat is on the rise! It’s been tentatively called .Odin File Virus. It changes your files’ extensions to match the name of the one-eyed god from the Norse Mythology.

The first reports regarding the .Odin File Virus started appearing on 26 September, and early signs point to the ransomware affecting mostly U.S. users. Unfortunately, there is very little doubt that the virus is going to spread like a wildfire in an old forest, if not already.

Just like the .Zepto File Virus before it, this is the newest variant of the infamous and rather sinister Locky Ransomware. Again, the main distribution form is through contaminated spam e-mails. Be especially on the lookout for any WS and JS attachments.

If you are one of the unlucky ones to execute such a script, then the process that follows is more or less the same and there is very little you can do to prevent it from happening from that point onwards.

In such a scenario, a DLL installer is downloaded and executed using the perfectly legitimate Windows process called Rundll32.exe. Once inside your device, the .Odin Virus starts encrypting your most often used files. An interesting point of observation is that the whole file name of an encrypted file is changed and not just the .odin extension. A seemingly random string of numbers and letters appears instead of your regular files’ names, with the aforementioned .odin at the back.

Another important novelty is that the ransom “demands” are now being stored in files titled “_HOWDO_text.html” and “_HOWDO_text.bmp” instead of the “_HELP_instructions.html” file that was a part of the .Zepto contamination. Apparently, you will be again asked for 0.5 Bitcoins unless you are a big business or a large organization. In that case, the demanded ransom is substantially larger.

I feel it is important that you refrain from paying any ransom as this would only encourage the ransomware creators into making more and more variations of these extremely malicious programs. Instead look for alternatives to bring back your files. And don’t forget – prevention is key in the fight against computer viruses.  Be always alert when opening new e-mails and make sure to check our security tips regularly!


daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • Alex

    These people should be hunted down and executed.

  • Vivek Rathi

    My files have been affected by this virus. How can I recover my files? Please help.

    • Gabriel Mar

      First of all, you need to remove Odin because it can start the second encryption of your files. Then you can think about your files’ recovery. The easiest way to get them bask if to restore them from backups. Do you have any?

  • Gabriel Mar

    I have just discovered a guide that lets you recover your encrypted files by Odin without backups!

    • Lokesh Kadam

      how to recovery data without backup…..and without any ystsem restore points in windows 7 ……will u explain me…please

  • gr local

    Please I need your help because I have important word and excel files to be decrypted for my job. I cannot work without these files…

<!-- -->