Andrew Watson

.ODIN files on my flash drive

Hello there, I have a friend whose system was infected with ransomware and had files on a flash drive encrypted.

He took his system to PC World and they wiped it clean back to factory settings, so he lost any other means of data recovery other than what was on the flash drive.

I have been told this ransomware is of the new Locky type; it has the files changed to .ODIN

Does anyone know how to get back the files?

Any help would be a help.

Thank You.

 

_0_HOWDO_text.html

8YSTRSEM-MQ7F-H0NH-0BF4-E4E1EF131D7A.odin

8YSTRSEM-MQ7F-H0NH-0CFA-025A262587C7.odin


ODIN

Monday, October 10, 2016

14:29

"Odin" is a Locky ransomware variant.

 

Unfortunately Locky is one of the ones that uses a secure encryption on the files, and the private key to decrypt them can only be obtained by paying the ransom. Currently, there is no reliable way to recover files encrypted by Locky.

 

If you take your computer to a computer repair place for assistance, then you can let them know the following (they should understand what it means):

 

Locky deletes Volume Shadow Copies to prevent people from using ShadowExplorer to find backups of the files that were saved automatically; however, it doesn't do this securely. There have been reports of people being able to use a file undelete utility such as Recuva to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, the odds of there being backup copies of important files in them are low to begin with. That being said, it's probably still the best chance for recovering any of the files without paying the ransom.
