[ksoksaz]

Hello! Can anybody help me with Odin ransomware because I think that I tried everything. I had tried 3 different antivirus apps ( Avira, Cureit, Bitdefender), antimalware apps, Bitdefender Crypto Vacinne, ShadowExplorer with guide from this site but nothing helps. I found different manual guides like link above in Google, but they all are similar and don't help either. So I want to ask if there any way to recover my files or the only cure is to pay hackers for decryprion?

[Advertisements]

Hi ksoksaz,

Welcome to GeeksToGo!

You are infected by the newest version of the Locky Ransomeware which is using the .ODIN extension instead of the .ZEPTO extension. Unfortunately, at this time, there is no known way to decrypt files encrypted by Locky. We do not encourage victims to pay the ransome because you are only financing cyber terrorism and the possibility of receiving the decryption code after paying the ransome are slim to none. This is why creating backups of your files is so important. We are recommending that you image your drive before doing anything else. Then in the future, if there is a way to decrypt the files, you have everything you may need to do so.

You could try recovering your files with the following methods though I see you have already tried ShadowExplorer, so I am assuming that the Shadow Volume Copies have been deleted.

You can read more about the newest version of Locky here

Previous Versions

• Right-click the file/folder and click Properties.
• Click Previous Versions.
• This tab will list all copies of the file and the date they were backed up.
• To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
• If you wish to restore the selected file and replace the existing one, click Restore.
• If you wish to view the contents of the file before restoring, click Open.

ShadowExplorer

Please download ShadowExplorer and save the file to your Desktop.

• Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
• Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
• You will see a drop-down menu with the shadow copies of all partitions and disks present.
• Click C:\ from the drop-down menu.
• To the right, pick a date prior to the infection from the drop-down menu.
• To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

What I always suggest is as follows:

Using a second computer to download and install Recuva Portable to a flash drive, then running it from the flash drive on the computer that has the lost files seems to be the safest way to get the best success.

You could also try to slave the drive by removing it from the computer, placing it in an external enclosure and accessing that hard drive from a second computer to search for any deleted files. Worth a try!

Hope this helps in some way.

Donna

[DonnaB]

Hi ksoksaz,

Welcome to GeeksToGo!

You are infected by the newest version of the Locky Ransomeware which is using the .ODIN extension instead of the .ZEPTO extension. Unfortunately, at this time, there is no known way to decrypt files encrypted by Locky. We do not encourage victims to pay the ransome because you are only financing cyber terrorism and the possibility of receiving the decryption code after paying the ransome are slim to none. This is why creating backups of your files is so important. We are recommending that you image your drive before doing anything else. Then in the future, if there is a way to decrypt the files, you have everything you may need to do so.

You could try recovering your files with the following methods though I see you have already tried ShadowExplorer, so I am assuming that the Shadow Volume Copies have been deleted.

You can read more about the newest version of Locky here

Previous Versions

• Right-click the file/folder and click Properties.
• Click Previous Versions.
• This tab will list all copies of the file and the date they were backed up.
• To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
• If you wish to restore the selected file and replace the existing one, click Restore.
• If you wish to view the contents of the file before restoring, click Open.

ShadowExplorer

Please download ShadowExplorer and save the file to your Desktop.

• Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
• Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
• You will see a drop-down menu with the shadow copies of all partitions and disks present.
• Click C:\ from the drop-down menu.
• To the right, pick a date prior to the infection from the drop-down menu.
• To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

What I always suggest is as follows:

Using a second computer to download and install Recuva Portable to a flash drive, then running it from the flash drive on the computer that has the lost files seems to be the safest way to get the best success.

You could also try to slave the drive by removing it from the computer, placing it in an external enclosure and accessing that hard drive from a second computer to search for any deleted files. Worth a try!

Hope this helps in some way.

Donna