ODCODC Ransomware Removal Guide

Do you know what ODCODC Ransomware is?

ODCODC Ransomware is a computer infection that secretly enters computers. Once it does that, it hurries to encrypt all the files. Our security specialists say that they are not surprised at all that ODCODC Ransomware locks files because all ransomware infections have the same goal – to make users pay. If you ever encounter this ransomware infection, you should not rush to pay money because there is a way to decrypt files free of charge even though this infection uses the strong encryption algorithm RSA-2048. We will talk about these methods further in this article. In addition, you will find out how to remove this ransomware easily and quickly. The good news is ODCODC Ransomware usually removes itself after it finishes encrypting files stored on the computer and displays a window with this message: “Кодирование успешно завершено!.”

As we have already told you, ODCODC Ransomware will encrypt files the first thing it enters the system because cyber criminals that hide behind this infection and own it seek to get easy money from computer users. It is not hard to say which of the files you have are encrypted. There will be an email address assigned to each of the encrypted files and a new extension .odcodc placed next to the original filename extension, for example, C-email-abennaki@india.com-music.mp3.odcodc. There are two main versions of this ransomware infection, so you might also see C-email-abennaki@aol.com- email address at the beginning of encrypted files. Of course, not all the users understand that their files are encrypted when they notice that the names of files are different, and it is impossible to open them. To make sure that all users know what has happened and what they need to do next, ODCODC Ransomware also creates the text file readthis.txt on Desktop and puts its copies in each folder that contains encrypted files. This text file informs users that their files have been encrypted, and they have to contact abennaki@aol.com or abennaki@india.com (depending on the version of the ransomware) for further information. We have not tried contacting cyber criminals by any of these given emails; however, we are sure that they will ask you to transfer money for the decryption tool. It seems that ODCODC Ransomware is targeted at all kinds of users because the content of the .txt file is written in both English and Russian.

If you let us tell our opinion, we do not think that it is the best solution to the problem to pay money for cyber criminals. It is because cyber criminals might take your money but do not unlock files in return. Besides, users can decrypt files free of charge themselves if they have copies of files on the external storage. Finally, our security experts have revealed that ODCODC Ransomware does not delete Shadow Volume Copies, so there is a possibility to gain access to, at least some, of your personal files even though you do not have their copies and are not planning on paying a ransom. As you already know, ransomware infections cause many problems, so you should do everything that is possible to ensure your system’s safety.

We have described how ODCODC Ransomware acts in this article and now we want that you know how it is spread in order to prevent other similar threats from entering your PC in the future. Researchers have managed to find out that this infection is usually distributed as a legitimate-looking Word document file. It often comes as an attachment in spam emails, so users who open it allows malware to sneak onto their computers unwillingly. This is the major way how ransomware infections are spread; however, it is known that they use other methods to sneak onto computers too, e.g. they might pretend to be useful software and be available for download on untrustworthy file-sharing sites.

In most cases, ODCODC Ransomware removes itself after it finishes doing its main job, i.e. encrypting files users keep on their computers; however, in some cases, its files and registry keys might not disappear anywhere, so we provide the manual removal instructions that will help you to get rid of this infection (they are put below this article). Of course, an antimalware tool SpyHunter would also help you, so feel free to use it instead of trying to get rid of threats manually.

Delete ODCODC Ransomware

  1. Open the Windows Explorer (Windows key + E).
  2. Go to %APPDATA% and remove such files as cript.bat and cript.exe.
  3. Go to the Registry Editor (tap the Windows key + R and enter regedit).
  4. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. Delete the following Values:
  • Crr1
  • Crr2

In non-techie terms:

We have only three pieces of advice for those users who wish to protect their systems from similar ransomware infections. First, it is necessary to install a 100% reliable security tool on the system and keep it always there. Second, users should not pay attention to spam emails. Third, it is very important to download software from reliable websites. You should also know that the software you are going to install is 100% reliable.