Research has suggested that Odin is a new version of the Locky ransomware.
Because Odin developed from Locky ransomware, its main characteristics have remained largely unchanged.
The malware accesses your system through phishing emails. It can sit on the system for an extended period while the ransomware group works through the system encrypting valuable data.
As the malware goes through this process, it will change the file names into a combination of 32 random letters and numbers, making it difficult for the user to find the documents they need. This is an attempt by the Odin ransomware group to render the files useless even with the assistance of a ransomware recovery service.
Once the group have everything they want, they will place notes around the system in files named “_HOWDO_text.htm”. These notes are found on the desktop, and the group replaces your desktop wallpaper with an image of the ransom demands.
The note often explains that your files have been encrypted and lists several URLs to visit using the Tor Browser. If you visit one of these links, you will land on a page that gives the ransom details and a Bitcoin address to send the payment to. Paying a ransom does not guarantee getting your files back.
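The two indicators described above (the “_HOWDO_text.htm” note and file names replaced by 32 random letters and numbers) can be checked for with a read-only directory walk. The following is an added example, not code from Solace Cyber; the function names, the hyphen handling, and the sample tree with its `.dat` extension are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "_HOWDO_text.htm"          # ransom note name given in the text above
ALNUM_32 = re.compile(r"[0-9A-Za-z]{32}")

def looks_renamed(filename):
    """True if the name (extension dropped) is 32 mixed letters and digits."""
    # Assumption: hyphens may separate the 32 characters, so ignore them.
    stem = os.path.splitext(filename)[0].replace("-", "")
    return bool(ALNUM_32.fullmatch(stem)
                and re.search(r"[A-Za-z]", stem) and re.search(r"\d", stem))

def triage(root):
    """List names only (no file is opened or modified) and return
    (sorted ransom-note paths, Counter of renamed files per directory)."""
    notes, renamed = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                notes.append(os.path.join(dirpath, name))
            elif looks_renamed(name):
                renamed[dirpath] += 1
    return sorted(notes), renamed

def build_sample(root):
    """Constructed demo tree (empty files), not data from a real incident."""
    names = {
        "Desktop": [NOTE_NAME, "todo.txt"],
        "Documents": ["7Q2X9K4M" * 4 + ".dat", "3f9a" * 8 + ".dat",
                      "-".join(["k8d2m4z1"] * 4) + ".dat", "report.docx"],
        "Pictures": ["holiday.jpg"],
    }
    for folder, files in names.items():
        os.makedirs(os.path.join(root, folder))
        for f in files:
            open(os.path.join(root, folder, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        notes, renamed = triage(tmp)
        print("ransom notes:", notes)
        for directory, count in renamed.most_common():
            print(f"{count:4d} renamed-looking files in {directory}")
```

A 32-character name is not proof on its own, since hash-named cache files look the same; treat hits as leads and weigh them against whether the note is also present.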
Because paying an Odin ransom to get your data back does not mean that the Odin ransomware group will share a decryption key with you, it is recommended that you reach out to Solace Cyber’s ransomware recovery team.
Acting fast will give you the best chance at reducing the impact of the ransomware attack, which is why we will dispatch one of our teams to your site on the same day that you call us.
Once our incident recovery team arrives at your site, they will start by understanding what has happened so far so that they can create a bespoke action plan.
From there, the team will examine the breach to identify encrypted files, the impacts of the breach, and further vulnerabilities. This is a forensic investigation, so our team will handle the breach data appropriately, making sure they do not overwrite it so that it can be used as evidence should you need it.
With the examination done and a deeper understanding of the extent of the breach, the on-site team and our remote team will work together to contain the Odin ransomware attack and reduce its spread. Once this phase is complete, the teams will eliminate the root cause of the attack to ensure that it can’t continue spreading across your system.
Finally, the incident response team will recover data where possible, returning your system to normal operation.
We will then conduct an off-boarding process where you will receive a comprehensive report detailing the attack and our response actions. This report will also include forensic evidence of the Odin ransomware attack, which you can use in criminal prosecutions or insurance claims.
Solace Cyber’s Incident Response team are experts in handling high-stakes ransomware attacks from the Odin ransomware group.
There are numerous advantages to employing our ransomware recovery service in addition to our experience:
Experience: We have helped hundreds of organisations successfully recover from Odin ransomware attacks.
Security Operation Centre (SOC) Services: We oversee our SOC around the clock, so there's always someone available to handle any situations that may arise.
Accreditations: We hold multiple ISO accreditations and are recognised by the National Cyber Security Centre (NCSC) as an Assured Service Provider.
Rock-Solid Strategy: In addition to moving quickly with our recovery plan, we also apply digital forensic analysis, which means that we don't overwrite the forensic data from the Odin ransomware attack while we work. This means that you have proof to support your insurance claims or criminal prosecution.
Nationwide Coverage: Our teams are located across the UK, facilitating quick responses wherever you are.
If you think you are under a ransomware attack, don’t hesitate to get in touch with us to start the recovery process.
If you need assistance right away, we would recommend calling us on 01202 308818.
Solace Cyber, part of Solace Global, helps companies across the UK recover from ransomware attacks and data breaches.