ODCODC Ransomware Decryptor released by BloodDolly

ODCODC Ransomware is the encryption attack which is used to trick user into paying large amounts of money. To execute its attack ‘.odcodc File Extension’ encrypts victim’s files, and demands for ransom to recover the encrypted files. It uses a strong encryption to make the encrypted files inaccessible. It modifies the extension of the encrypted files to ‘.odcodc’ and drops text files which contains a ransom note named ‘readthis.txt.’ Users are advised to avoid paying the ‘.odcodc File Extension’ Ransomware ransom. The best way to protect yourself from this Ransomware is to backup your files regularly sand use a reliable security program.

If you are being infected with this ransomware program then no need to worry a decryptor has been released by the ransomware expert BloodDolly which let the victim’s to recover their encrypted files for free. Through the Command & Control servers are no longer active, so many victims don’t pay the ransom and hold their encrypted files in a hope that a decryptor can be created. Now these victims can make use of this BloodDolly’s decoder to recover their encrypted files.

Download Removal Toolto remove ODCODC

Those who are affected by ODCODC ransomware, they can download the Decoder from the following link: http://www.bleepingcomputer.com/forums/t/615172/odcodc-ransomware-odcodc-help-support-readthistxt/?p=4038795. Once you have downloaded the Decoder, extract the zip file and read the readme.txt for the instructions.

ODCODC Decoder

As BloodDolly explains in readme.txt instructions, ODCODC will start downloading a unique key from command & control server for the each encrypted hard drive partition. If it fails to connect to command & control server, then it will randomly choose one of 200 static encryption keys which can encrypt the victim while they are offline.

Victim can recognize if they have offline or online key by simply having a look at the PCID specified in readthis.txt ransom note. If your PCID contains X, like JANKO-16098513X1781, then you need to use the offline key and the decoder can decrypt your encrypted files using the built-in keys.

On other hand, if your PCID doesn’t contain X, like JANKO-L3710254317, then BloodDolly will reconstruct key using the encrypted files. BloodDolly will need the pair of encrypted and original file or the encrypted .doc, .xls or .ppt (not .docx, .xlsx, .pptx, etc) file to reconstruct the key. BloodDolly has included the instructions on how to send these files to him here.

Once the key is constructed victim can simply run the ODCODC Decoder and decrypt their encrypted files. BloodDolly advise user to backup the encrypted files before decrypting it and test the decryption on few files before decrypting the entire drive.

Download Removal Toolto remove ODCODC

ODCODC Decoder Finshed Decrypting

In some test the ODCODC decoder successfully decrypt the encrypted files.  And the big thanks goes to BloodDolly for releasing this tool!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>