Odaku Ransomware

Cybercriminals have created a new threat and are using it to infect users' computers. The harmful threat is a Chaos Ransomware variant and is being tracked as the Odaku Ransomware, and despite being yet another updated version of the original threat, its destructive capabilities remain significant. The threat targets commonly used file types and ones that are usually associated with valuable data, such as archives, databases, documents, PDFs, images, etc.

Instead of using a unified file extension to mark each encrypted file, the Odaku Ransomware generates a new random 4-letter extension for each file. In addition, victims will notice that a new text file named 'read_it.txt' has appeared on the desktop of the compromised systems. The file contains a ransom note with instructions from the attackers.

Ransom Note's Details

The note states that the attackers go by the name odaku and they demand to be paid a ransom of $25. The sum must be transferred to the provided crypto-wallet address using the Bitcoin cryptocurrency. Victims also are instructed that they must provide a screenshot of the transaction as proof that they have indeed sent the money. According to the note, the screenshot is supposed to be delivered to a Telegram account controlled by hackers. Afterward, victims are told that they will receive a decryption key. The note doesn't mention any opportunities for the attackers to demonstrate their ability to restore the locked data, making the entire offer extremely risky and untrustworthy.

The full text of the note is:

'hi my name is odaku
send me here 25$ btc

wallet:
bc1qr2vvldtzagpw6f2utk58cl8xw5ppm3mc7wu0zr
send me screenshot here :

telegram : @odaku

Then I will send you the key.'