'.odcodc File Extension' Ransomware

'.odcodc File Extension' Ransomware Description

The '.odcodc File Extension' Ransomware is a threatening file encryptor or a Trojan that encodes your data and then sells the matching decryption solution to you. Although not all threat encryption attacks are reversible, malware experts recommend using free decryption products offered by members of the PC security sector in preference over paying con artists for the decryption. Whatever the value of the files harmed by this threat, you never should hesitate to delete the '.odcodc File Extension' Ransomware with an anti-malware product after you upload samples to any interested security researchers.

When an E-mail in a File Name is More than Just a Contact Reminder

Besides analyzing actual program code, the PC security industry also gleans significant information about threats from examining their communication infrastructure and content. As a pertinent example, readers could look to the ransom notes provided by the '.odcodc File Extension' Ransomware, a recently-discovered threat attacking both Russian and English-speaking PC operators. This threat encrypts your files and places a ransom note on your PC, with its con artists awaiting a payment before they promise to provide a working decryptor.

As usual for this category of Trojan, the '.odcodc File Extension' Ransomware's encryption targets non-OS files, such as JPG images, and includes significant changes to their names (such as the '.odcodc' extension or an e-mail address) to allow immediate identification. More notably, the '.odcodc File Extension' Ransomware shares the 8lock8 Ransomware's ransom note format, with most samples providing both English and Russian-based instructions. They recommend using e-mail communications for resolving ransom payments and receiving decryption assistance. The Trojan's admins even claim that they'll provide a limited sample for free.

The poor linguistics of some of these notes could indicate that the criminal admins are not native speakers, but may originally have been fluent in Ukrainian. At least one variant of these notes is being distributed, which includes only English text, potentially showing that the '.odcodc File Extension' Ransomware's campaigns are seeing customization for deployment in different countries.

Getting the Worst Kind of Mail out of Your System

Although PC security researchers often release fully-functioning decryptors to counteract specific file encryption threats, reversing an encryption attack requires ordinarily some degree of incompetence on the part of the threat's author. Newly-detected Trojans like the '.odcodc File Extension' Ransomware also are particularly unlikely to have had sufficient time to be caught and analyzed for a public decryptor to be available. These limitations could mean that a victim may feel the need to pay the '.odcodc File Extension' Ransomware's fee and hope that the con artists will stay true to their word, as the only means of decrypting their content.

However, e-mail ransoms with con artists are an objectively inferior solution compared to restoring your data from other sources. Any file encryptor might attempt targeting an unprotected network server or attached device, but keeping your backups password-protected and detached can keep your content from being encrypted or erased. Then, recovering from the '.odcodc File Extension' Ransomware becomes a matter of disinfecting your PC and restoring from the old copy.

The PC security industry sometimes benefits from the submission of samples of threatening software for further investigation. After taking such actions, you always should use anti-malware products for identifying and deleting the '.odcodc File Extension' Ransomware. Perhaps even more importantly than that, avoiding the favorite infection vehicles of such genres of Trojans, such as fake invoice attachments delivered via e-mail, can stop the '.odcodc File Extension' Ransomware's installation at the starting point.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '.odcodc File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

file.exe File name: file.exe
Size: 182.78 KB (182784 bytes)
MD5: 6709b34a638a2ad060616c21fcf343c0
Detection count: 56
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: May 25, 2016
%SystemDrive%\Users\ergon\AppData\Roaming\cript.exe File name: cript.exe
Size: 181.24 KB (181248 bytes)
MD5: d20a5ebae229d47d046ab1b6cb92853f
Detection count: 15
File type: Executable File
Mime Type: application/octet-stream
Path: %SystemDrive%\Users\ergon\AppData\Roaming\
Group: Malware file
Last Updated: May 26, 2016

Registry Modifications


The following newly produced Registry Values are:

Regexp file mask%APPDATA%\cript.exe
Posted: May 25, 2016
Threat Metric
Threat Level: 10/10
Infected PCs 7
Home Malware Programs Ransomware '.odcodc File Extension' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.