Odaku Ransomware

Researchers have detailed a new ransomware strain called Odaku. It belongs to the wider family of Chaos ransomware clones and variants.

The name comes from the alias the threat actor uses in the ransom note. Odaku is file-encrypting ransomware: it scrambles files on the victim system, leaving them unreadable until they are decrypted. Encrypted files keep their original filenames but get a random new extension appended after the original one.

The appended extension is a string of 4 randomly selected alphanumeric characters. For example, a file called "photo.jpg" before encryption can become something like "photo.jpg.ai9r".

The ransomware appears either to be in early testing or to be run by a small-time or amateur operator. The ransom demanded is just $25, to be paid in BTC. The ransom note is written in broken English and is also very short and sloppy. It is dropped in a plain text file called "read_it.txt" and reads as follows:

hi my name is odaku

send me here 25$ btc

wallet:

[wallet string]

send me screenshot here :

telegram : @odaku

Then I will send you the key .

Of course, even if victims decide to send the small sum of $25, there is no guarantee they will ever receive a working decryption tool. There is no known free decryptor for this ransomware, and the only viable way to restore files scrambled by Odaku remains an offline backup.
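As an added example (not code from the original write-up), a small Python triage heuristic that applies the two indicators described above, the random 4-character alphanumeric extension appended after the original one and the "read_it.txt" note, to a directory listing. The sample listing, the marker phrases taken from the note, and the list of common legitimate 4-character extensions are assumptions constructed for this example.

```python
import re
from pathlib import PurePosixPath
from typing import Optional

# Indicators from the write-up: the note file name and a 4-character random
# alphanumeric extension appended after the file's original extension.
NOTE_FILENAME = "read_it.txt"
NOTE_MARKERS = ("odaku", "25$ btc", "telegram")          # phrases from the note
APPENDED_EXT = re.compile(r"^\.[a-z0-9]{4}$", re.IGNORECASE)
# A random 4-char string can collide with a real extension; treating these
# common ones as legitimate keeps false positives down (assumed list).
KNOWN_4CHAR = {".html", ".docx", ".xlsx", ".pptx", ".jpeg", ".json",
               ".yaml", ".webp", ".mpeg", ".java"}


def looks_encrypted(name: str) -> bool:
    """True if the name keeps its original extension and carries a 4-char one after it."""
    suffixes = PurePosixPath(name).suffixes
    if len(suffixes) < 2:
        return False                       # no double extension: untouched file
    last = suffixes[-1]
    return bool(APPENDED_EXT.match(last)) and last.lower() not in KNOWN_4CHAR


def is_ransom_note(path: str, content: Optional[str]) -> bool:
    """Match on the note's file name plus the phrases it is known to contain."""
    if content is None or PurePosixPath(path).name.lower() != NOTE_FILENAME:
        return False
    text = content.lower()
    return all(marker in text for marker in NOTE_MARKERS)


def triage(listing: dict) -> dict:
    """Score a listing of path -> text content (None for binary files)."""
    notes = [p for p, c in listing.items() if is_ransom_note(p, c)]
    suspect = [p for p in listing if looks_encrypted(PurePosixPath(p).name)]
    # Note plus renamed files is strong evidence; renamed files alone are only
    # a weak hint, since legitimate double extensions exist.
    if notes and suspect:
        verdict = "likely-odaku"
    elif notes or len(suspect) >= 5:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "notes": notes, "suspect_files": suspect}


# Constructed sample listing; the note text follows the one quoted above.
SAMPLE_LISTING = {
    "C:/Users/alice/Documents/photo.jpg.ai9r": None,
    "C:/Users/alice/Documents/budget.xlsx.q7Zk": None,
    "C:/Users/alice/Documents/index.txt.html": None,     # legitimate double extension
    "C:/Users/alice/Documents/backup.tar.gz": None,
    "C:/Users/alice/Documents/read_it.txt":
        "hi my name is odaku\nsend me here 25$ btc\nwallet:\n[wallet string]\n"
        "send me screenshot here :\ntelegram : @odaku\nThen I will send you the key .",
}

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```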

May 9, 2022