Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ODCODC Ransomware (.odcodc) Help & Support - readthis.txt


  • Please log in to reply
37 replies to this topic

#16 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:22 PM

Posted 29 June 2016 - 10:07 AM

Definitely decryptable, I just don't have full details on the algorithm yet. I'm still learning ASM, so I can't tear it apart much more myself.  :scratchhead:

 

When a decrypter has been made, we'll be sure to post it here. :)


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


BC AdBot (Login to Remove)

 


m

#17 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:12:22 AM

Posted 11 July 2016 - 10:05 AM

It is decryptable.

ODCODC Decoder

http://download.bleepingcomputer.com/BloodDolly/ODCODCDecoder.zip

If you are a victim of ODCODC Ransomware the pair of encrypted/original file from each infected drive is needed or encrypted doc, xls, ppt (not docx, xlsx, pptx) from each infected drive if the key was downloaded from the server. (Your ID doesn't contain X, for example PC ID:: COMPUTER1416156778)
 

The encrypted files look like %drive%-email-%email_address%-<original name>.odcodc.

Put these files into archive, upload it to sendspace.com and send me the download link via PM or post the download link here.

If your PC ID contains X (example PC ID:: COMPUTER1416156778X1963) then try to decrypt your files with build in keys.
For more information please read README.txt file in the ODCODCDecoder.zip archive.


Edited by BloodDolly, 13 January 2017 - 06:07 AM.


#18 al1963

al1963

  • Members
  • 839 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 11 July 2016 - 10:29 AM

I send the encrypted file and ID to PM



#19 Ratatosk

Ratatosk

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 12 July 2016 - 05:27 AM

Sent you the encrypted/original files and ID to PM



#20 al1963

al1963

  • Members
  • 839 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 16 July 2016 - 11:22 AM

BloodDolly,

thank you for your work! I deciphered your decoder all encrypted files * .odcodc


Edited by al1963, 16 July 2016 - 11:22 AM.


#21 Ratatosk

Ratatosk

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 18 July 2016 - 03:02 AM

BloodDolly,

Decryption is successful! Thanks a lot for your work!



#22 al1963

al1963

  • Members
  • 839 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 31 July 2016 - 11:25 PM

Incidentally, ODCODC today in the newsletter by e-mail. in Russia.

https://www.virustotal.com/ru/file/377497cf6950a1af215f201d5ad2db9b2f7bd8c17e1e0c538fb4bb70565fda6f/analysis/1470025679/


Edited by al1963, 31 July 2016 - 11:28 PM.


#23 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:12:22 AM

Posted 01 August 2016 - 08:05 AM

Pretty weird "upgrade". They cut off 100 hardcoded keys from 200, but didn't change the number of total hardcoded public keys, so when the generated number is bigger than 100 it will crash and terminate itself.



#24 dobriv

dobriv

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 01 August 2016 - 09:21 AM

BloodDolly,

just sent you the ID and the download link via PM.

 

Thank you in advance !



#25 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:12:22 AM

Posted 01 August 2016 - 10:30 AM

BloodDolly,

just sent you the ID and the download link via PM.

 

Thank you in advance !

Your files are not encrypted by ODCODC ransomware.



#26 nibix

nibix

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 11 October 2016 - 01:22 PM

Hi there.

BloodDolly, i've sent you download link and description.



#27 _mihaita

_mihaita

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 13 December 2016 - 05:11 AM

Hello,

This tool works perfect but I have some file that are truncated. Any reason?



#28 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:12:22 AM

Posted 27 December 2016 - 05:31 PM

Hello,

This tool works perfect but I have some file that are truncated. Any reason?

Solved already



#29 chelin2017

chelin2017

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 11 January 2017 - 01:38 PM

Hello , 

This tool dont work, i need help



#30 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:22 PM

Posted 12 January 2017 - 09:16 AM

Follow the directions to upload files for BloodDolly to help you.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users