Welcome to GeeksToGo!
You are infected by the newest version of the Locky Ransomeware which is using the .ODIN extension instead of the .ZEPTO extension. Unfortunately, at this time, there is no known way to decrypt files encrypted by Locky. We do not encourage victims to pay the ransome because you are only financing cyber terrorism and the possibility of receiving the decryption code after paying the ransome are slim to none. This is why creating backups of your files is so important. We are recommending that you image your drive before doing anything else. Then in the future, if there is a way to decrypt the files, you have everything you may need to do so.
You could try recovering your files with the following methods, though this ransomeware attempts to delete the Volume Shadow Copied making it next to impossible to recover the files.
You can read more about the newest version of Locky herePrevious Versions
- Right-click the file/folder and click Properties.
- Click Previous Versions.
- This tab will list all copies of the file and the date they were backed up.
- To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
- If you wish to restore the selected file and replace the existing one, click Restore.
- If you wish to view the contents of the file before restoring, click Open.
Please download ShadowExplorer
and save the file to your Desktop
File Recovery Software
- Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
- Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
- You will see a drop-down menu with the shadow copies of all partitions and disks present.
- Click C:\ from the drop-down menu.
- To the right, pick a date prior to the infection from the drop-down menu.
- To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.
What I always suggest is as follows:
Using a second computer to download and install Recuva Portable
to a flash drive, then running it from the flash drive on the computer that has the lost files seems to be the safest way to get the best success.
You could also try to slave the drive by removing it from the computer, placing it in an external enclosure and accessing that hard drive from a second computer to search for any deleted files. Worth a try!
Hope this helps in some way.