ODCODC Ransomware

What is ODCODC Ransomware?

Being attacked by ODCODC Ransomware could be one of your worst days. This ransomware can slither onto your computer without your knowledge and encrypt all your most important personal files within mere seconds. Obviously, the criminals, who created this dangerous threat, offer you their “generous help” to recover your files if you are willing to pay the demanded ransom fee. Normally you cannot decrypt your files without the private key or the decryption key unless there is a free tool available on the web that cracks the key. Another method to recover your files is to keep a backup copy on a removable disk. However, in this particular case, you may have a third option that is due to a “mistake” this otherwise dangerous infection makes. We will share with you the details later on but first, let us tell you more about this vicious program and also, why our researchers suggest that you should remove ODCODC Ransomware right away.testtesttest

Where does ODCODC Ransomware come from?

According to our specialists at anti-spyware-101.com, this ransomware mostly spreads in spam e-mails as an executable infectious file attachment that pretends to be an important text document. But, if you are open-eyed, you may notice that this attachment has a file name like “file.docx.exe” that should be suspicious already. However, these spam e-mails can be rather deceiving. Not only can they fool your spam filter, but they can also trick you into believing that you are opening an important mail with an “I have to see right now” kind of document attached. Once you download this malicious file and run it, you actually infect your computer with ODCODC Ransomware. That is exactly why it is important that you be more cautious about clicking on mails and attachments. If you are lucky, opening such a spam mail will not infect your machine right away, but that can also happen in certain cases. You can avoid such a nightmare and the headache of deleting ODCODC Ransomware and the like if you become a bit stricter about skimming through your inbox.

What does ODCODC Ransomware do?

When you execute this fake “document,” this infection gets initiated. After extracting itself, it will start to search for the targeted documents, photos, videos, and archives on all the drives your PC has or you have mapped. This ransomware uses RSA-2048 encryption algorithm to cipher your files, which makes it impossible for you to open or run them again until you get hold of the hidden private key. All the encrypted files get a new name by adding "C-email-abennaki@india.com-" to the front and ".odcodc" to the end, so your files may look something like "C-email-abennaki@india.com-myimage.jpg.odcodc.” There may be versions where “C-email-abennaki@aol.com-“ is used instead.

A text file (“readthis.txt”) is also created on your desktop, which contains all the information (in English and Russian) you need to know in order to be able to decrypt your files. This .txt is also copied to every folder where your files have got encrypted. ODCODC Ransomware does not display a warning screen about the attack; only a small window pops up after the job is done. This window is in Russian language and informs you that “the encryption has successfully ended.” This is the first moment when you may think or feel that something is not right here to say the least. The only way for you to figure out what happened, though, and what you are supposed to do now is to open one of the “readthis.txt” files.

From this file you will learn that the only way for you to recover your files is to pay a ransom fee. You should contact these criminals by way of e-mail at abennaki@aol.com or abennaki@india.com. You can also send a few encrypted files and your unique ID (to identify your PC) to these crooks so that they can prove to you that they are capable of decrypting your files and possibly gain your trust.

There is one big “mistake,” though. ODCODC Ransomware does not remove the Shadow Volume Copies of your files, which means that it may be possible to restore your files without the private key. We suggest that you search the web for more information and instructions on this. But even this you should do after you delete ODCODC Ransomware without leftovers.

How to delete ODCODC Ransomware?

The surprise comes when you realize that this infection may actually remove itself from your system after you click the OK button on the displayed pop-up window. Nevertheless, we have prepared step-by-step instructions for you to be able to check the Windows registry entries and folders this ransomware created because it is still possible that it leaves some mess behind. Do not forget to also delete the original malicious file you downloaded from the spam e-mail as well as all the text files you can find on your machine. Only after this is done it becomes safe for you to try to restore your files or transfer them back from a backup HDD. Since restoring files from the Shadow Volume Copies may not be as simple as it seems, you should find an experienced computer user or ask a professional IT expert to help you with this. Otherwise, you may want to consider installing a reliable anti-malware application to automatically protect your virtual world not to walk in a similar shoe again.

How to remove ODCODC Ransomware from Windows

  1. Tap Win+E to launch the File Explorer.
  2. Find the downloaded malicious file and bin it.
  3. Look for %APPDATA%\cript.bat and %APPDATA%\cript.exe and delete them if you find them.
  4. Look for and delete "readthis.txt" from every folder where it can be found as well as from the desktop.
  5. Tap Win+R and enter regedit. Press OK.
  6. Look for these registry entries. If you find them, delete them:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Crr1 with a value data of “C:\Users\user\AppData\Roaming\cript.bat”
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Crr2 with a value data of “C:\Users\user\AppData\Roaming\cript.exe”
  7. Exit the Registry editor.
  8. Empty the recycle bin and reboot your system.
100% FREE spyware scan and
tested removal of ODCODC Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *