Important Security Notice on the ODIN Ransomware Virus - Envision Technology Advisors' blog

The Envision Blog

Important Security Notice on the ODIN Ransomware Virus

ODIN ransomware virus alertRecently, a new variant of ransomware named ODIN has infected a number of companies. This security notice will explain what this virus is, how to avoid it, and what to do if your business becomes infected.

The Basics of ODIN

ODIN is the latest version of the LOCKY Ransomware that has been making the rounds recently. The infection is spread through spam emails with standard attachments, including Word documents (.doc/.docx), Excel files (.xls/.xlsx), and PDF documents. Opening an infected attachment will install an infected dll on a user's machine which executes via rundll32.exe. This virus has the ability to then spread from the local computer to any any attached network drive and other local user systems. This means that it can have a disastrous effect not just on your computer, but on the others in your network.

This virus encrypts files with certain extensions and appends the .ODIN extension to it. In addition, the following files will also be created on the affected systems/folders:

  • _HOWDO_text.html
  •  _HOWDO_text.bmp
  •  _[2_digit_number]_HOWDO_text.html

The files direct the user to a website where they can then submit a payment to receive a decryption key. While we can verify that mapped shares are affected, it is possible that unmapped shares could be affected as well. Currently the only remediation options are to either pay for the decryption key or to delete the infected files and restore from backups.  

What To Do If You Are Infected

If your computer becomes infected with this virus, shut your system down immediately and contact Envision or your internal IT support.

If you are unsure whether or not an attachment you have received is safe, contact us for assistance.

How To Avoid An Infection

If you receive an email from an address you do not recognize, be cautious when openng it and do NOT open unknown or unexpected email attachments and/or click on any unknown links.

Even if you recognize an email address, use discretion when opening all emails, attachments, or clicking links to the Web. When in doubt, contact us for assistance.

Read other blog articles from Envision

How can we help you? Call us today at 401-272-6688