Odin is a new ransomware variant that costs up to 3 BTC to unlock

A variant of the Zepto ransomware exploit – essentially a powerful system for encrypting everything on your hard drive until you supply an expensive key – is making the rounds and can cost you up to 3 bitcoins to unlock.

The new variant, called Odin, sends a message with the subject line like “Re: Documents Requested,” “FW:Documents Requested,” or “Updated invoice” with a random number. The payload is an executable file that downloads the encryptor and a small obfuscated file that serves no clear purpose. Write the folks at OpenDNS:

The single-character named file in the second pattern is interesting. There doesn’t be an instance in the overall infection where this file is touched which may imply this file was mistakenly included. File sizes for these files vary, and they all contain binary data. Could this be a key or something valuable to decrypt infected files? I’d love to hear back from you if anyone uncovers what this does.

The most interesting thing about this ransomware is that it seems to be an update to the powerful Ransomware product Zepto which in itself is a version of the Locky ransomware system. Like versions of Linux, there are branches of ransomware that exist in the wild that are still uncategorized and are just a little bit more powerful than the last.

The worst part is that Odin users charge up to three bitcoin to unlock their victims’ computers or about $1,800. They recommend using services like LocalBitcoins to convert your cash, further besmirching the already besmirched name of cryptocurrencies and ensuring that when you think of bitcoin you’ll think of ransomware.