There is a new popular ransomware which is quickly making a name for itself. Odin, as this malware is aptly called, is the successor to both Zepto and Locky. To be more precise, this is a new iteration of the same ransomware family, and the similarities are very similar. In fact, there are still a few Locky references in the ransom note itself.
Odin Is The New Locky, Sort Of
The similarities between Odin, Zepto, and Locky are not overly difficult to see. The process of encrypting computer files is nothing new, nor is the ransom note itself. What is rather surprising is how the ransom note makes mention of victims having to purchase the Locky Decryptor for the price of 0.5 Bitcoin.
In fact, the message makes it very easy to understand what the objective is. But unlike Locky and Zepto, Odin has included multilingual support for over a dozen different languages. This goes to show that the developers plan a global ransomware campaign in the hopes of infecting as many users as they possibly can.
Similarly to most other types of ransomware, Odin is being distributed through emails with malicious attachments. A ZIP file is attached to these emails, which makes mention of an order being “shipped” to the victim. In fact, the ZIP file claims to contain the invoice for this product ordered. It is likely that a lot of people will attempt to open this file and see what this mysterious order confirmation is about.
The email attachment contains two files, one of which is a so-called order cancellation form. Double-clicking this file will execute JavaScript code on the host computer and infect the device with Odin ransomware. There will be no warning dialogs about software being run or downloaded in the background when this happens, which is rather worrisome.
The Odin developers charge a 0.5 Bitcoin fee for restoring computer access. The ransom note contains clear instructions on where to buy Bitcoin, as well as the payment methods supported by these companies. It is possible that the Bitcoin ransom demand will go up if users do not pay within a specific period, though.
Image credit 1
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
