Skip to content ↓ | Skip to navigation ↓

Do you remember the .Zepto Ransomware? Of course, you do. Well, you can more or less put it in the rear-view mirror. However, there is very little in the way of actual reasons for celebration. A new threat is on the rise! It’s been tentatively called .Odin File Virus. It changes your files’ extensions to match the name of the one-eyed god from the Norse Mythology.

The first reports regarding the .Odin File Virus started appearing on 26 September, and early signs point to the ransomware affecting mostly U.S. users. Unfortunately, there is very little doubt that the virus is going to spread like a wildfire in an old forest, if not already.

Just like the .Zepto File Virus before it, this is the newest variant of the infamous and rather sinister Locky Ransomware. Again, the main distribution form is through contaminated spam e-mails. Be especially on the lookout for any WS and JS attachments.

If you are one of the unlucky ones to execute such a script, then the process that follows is more or less the same and there is very little you can do to prevent it from happening from that point onwards.

In such a scenario, a DLL installer is downloaded and executed using the perfectly legitimate Windows process called Rundll32.exe. Once inside your device, the .Odin Virus starts encrypting your most often used files. An interesting point of observation is that the whole file name of an encrypted file is changed and not just the .odin extension. A seemingly random string of numbers and letters appears instead of your regular files’ names, with the aforementioned .odin at the back.

Another important novelty is that the ransom “demands” are now being stored in files titled “_HOWDO_text.html” and “_HOWDO_text.bmp” instead of the “_HELP_instructions.html” file that was a part of the .Zepto contamination. Apparently, you will be again asked for 0.5 Bitcoins unless you are a big business or a large organization. In that case, the demanded ransom is substantially larger.

I feel it is important that you refrain from paying any ransom as this would only encourage the ransomware creators into making more and more variations of these extremely malicious programs. Instead look for alternatives to bring back your files. And don’t forget – prevention is key in the fight against computer viruses.  Be always alert when opening new e-mails and make sure to check our security tips regularly!


daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.