'.odcodc File Extension' Ransomware
Posted: May 25, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | May 25, 2016 |
| OS(es) Affected: | Windows |
The '.odcodc File Extension' Ransomware is a threatening file-encryptor Trojan that encodes your data and then sells the matching decryption solution to you. Although not all file encryption attacks are reversible, malware experts recommend using free decryption products offered by members of the PC security sector rather than paying con artists for the decryption. Whatever the value of the files harmed by this threat, you should never hesitate to delete the '.odcodc File Extension' Ransomware with an anti-malware product after you upload samples to any interested security researchers.
When an E-mail in a File Name is More than Just a Contact Reminder
Besides analyzing actual program code, the PC security industry also gleans significant information about threats from examining their communication infrastructure and content. As a pertinent example, readers could look to the ransom notes provided by the '.odcodc File Extension' Ransomware, a recently-discovered threat attacking both Russian and English-speaking PC operators. This threat encrypts your files and places a ransom note on your PC, with its con artists awaiting a payment before they promise to provide a working decryptor.
As usual for this category of Trojan, the '.odcodc File Extension' Ransomware's encryption targets non-OS files, such as JPG images, and includes significant changes to their names (such as the '.odcodc' extension or an e-mail address) to allow immediate identification. More notably, the '.odcodc File Extension' Ransomware shares the 8lock8 Ransomware's ransom note format, with most samples providing both English and Russian-based instructions. They recommend using e-mail communications for resolving ransom payments and receiving decryption assistance. The Trojan's admins even claim that they'll provide a limited sample for free.
The poor linguistics of some of these notes could indicate that the criminal admins are not native speakers, but may originally have been fluent in Ukrainian. At least one variant of these notes in distribution includes only English text, potentially showing that the '.odcodc File Extension' Ransomware's campaigns are being customized for deployment in different countries.
Getting the Worst Kind of Mail out of Your System
Although PC security researchers often release fully-functioning decryptors to counteract specific file encryption threats, reversing an encryption attack ordinarily requires some degree of incompetence on the part of the threat's author. Newly-detected Trojans like the '.odcodc File Extension' Ransomware are also particularly unlikely to have been in circulation long enough to be caught and analyzed, so a public decryptor may not be available. These limitations could mean that a victim may feel the need to pay the '.odcodc File Extension' Ransomware's fee and hope that the con artists will stay true to their word, as the only means of decrypting their content.
However, negotiating e-mail ransoms with con artists is an objectively inferior solution compared to restoring your data from other sources. Any file encryptor might attempt to target an unprotected network server or attached device, but keeping your backups password-protected and detached can keep your content from being encrypted or erased. Then, recovering from the '.odcodc File Extension' Ransomware becomes a matter of disinfecting your PC and restoring from the old copy.
The PC security industry sometimes benefits from the submission of samples of threatening software for further investigation. After taking such actions, you should always use anti-malware products for identifying and deleting the '.odcodc File Extension' Ransomware. Perhaps even more importantly, avoiding the favorite infection vehicles of such genres of Trojans, such as fake invoice attachments delivered via e-mail, can stop the '.odcodc File Extension' Ransomware's installation at the starting point.
Technical Details
File System Modifications
The following files were created in the system:
%APPDATA%\cript.exe
File name: cript.exe
Size: 182.27 KB (182272 bytes)
MD5: d85ec350702bb655180a3d62588f2fc8
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: May 26, 2016
cript.exe
File name: cript.exe
Size: 141.82 KB (141824 bytes)
MD5: feaa01de0a543c07c296e74389f2ab89
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 26, 2016
file.exe
File name: file.exe
Size: 182.78 KB (182784 bytes)
MD5: 6709b34a638a2ad060616c21fcf343c0
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 25, 2016
%SystemDrive%\Users\<username>\AppData\Roaming\cript.exe
File name: cript.exe
Size: 181.24 KB (181248 bytes)
MD5: d20a5ebae229d47d046ab1b6cb92853f
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: May 26, 2016
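A defender-side sweep for the indicators listed above, added here as an example and not taken from the original page or from any vendor tool. The hashes, file names, drop path and '.odcodc' extension come from this page; the function names and the decision to report name-only matches separately from hash matches are assumptions of the example.

```python
import hashlib
import os

# Indicators taken from this page's file listing (MD5 -> file name as listed).
KNOWN_MD5 = {
    "d85ec350702bb655180a3d62588f2fc8": "cript.exe",
    "feaa01de0a543c07c296e74389f2ab89": "cript.exe",
    "6709b34a638a2ad060616c21fcf343c0": "file.exe",
    "d20a5ebae229d47d046ab1b6cb92853f": "cript.exe",
}
DROPPER_NAMES = {"cript.exe", "file.exe"}
ENCRYPTED_SUFFIX = ".odcodc"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.md5(usedforsecurity=False)  # IoC matching, not integrity
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Walk root and sort hits into hash matches, name-only hits, encrypted files."""
    findings = {"hash_match": [], "name_only": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_SUFFIX):
                findings["encrypted"].append(path)
            elif lowered in DROPPER_NAMES:
                try:
                    matched = md5_of(path) in KNOWN_MD5
                except OSError:
                    matched = False  # locked or unreadable: still report by name
                findings["hash_match" if matched else "name_only"].append(path)
    return findings


if __name__ == "__main__":
    # Default to %APPDATA%, the drop location listed on the page.
    target = os.environ.get("APPDATA", ".")
    for kind, paths in sweep(target).items():
        print(f"{kind}: {len(paths)}")
        for p in paths:
            print("  ", p)
```

A name-only hit means a file called cript.exe or file.exe exists but its MD5 differs from the four listed here, which is expected for a new build of the Trojan as well as for unrelated software.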