Part of the Djvu ransomware family, Ogdo ransomware is malware that encrypts files. It adds the .ogdo extension to encrypted files and drops the _readme.txt ransom note. The ransomware demands $980 for file decryption.
Ogdo ransomware is file-encrypting malware, and infection could lead to permanent file loss. It comes from the Djvu/STOP ransomware family, which already has hundreds of versions. This notorious malware family releases new versions on a regular basis, and unfortunately, most of them are not decryptable for free. This ransomware is recognizable from the .ogdo file extension that it adds to encrypted files. Users will not be able to open files with that extension unless they first decrypt them. The cyber crooks behind this ransomware will try to sell the decryptor to victims for $980, or $490 if contact is made within 72 hours. However, paying the requested ransom is not recommended because it does not guarantee file decryption. There’s nothing stopping cyber criminals from simply taking the money and not sending the decryptor. Or they may send a broken one. Whatever the case, paying the ransom is risky.
Unfortunately, the only reliable way to recover files is via backup. Ransomware is one of the reasons why backing up files on a regular basis is so important. Users who do have a backup should access it only after they delete Ogdo ransomware; otherwise, files in the backup may become encrypted as well.
Victims should be very careful with decryptors advertised on unreliable sites. While it is true that malware researchers do release free decryptors to help victims, Ogdo ransomware is currently undecryptable. And there are many fake, potentially malicious decryptors promoted on various sites.
Ransomware infection methods
It’s very easy to infect a computer with ransomware, and it’s usually users who have bad browsing habits that end up doing it. Something as simple as opening email attachments, downloading torrents or software cracks, or clicking on ads could result in a computer becoming infected. If more users developed good browsing habits and became more careful, the spread of ransomware would decrease significantly.
Users often get infected by opening spam email attachments. Cyber criminals use leaked email addresses to launch spam email campaigns that distribute malware. Fortunately, those emails are usually quite obvious because they’re sent from nonsense email addresses, contain loads of grammar and spelling mistakes, and pressure users into opening the email attachment. If users do open the malicious attachment and enable macros, the malware will be able to execute. To avoid allowing malware on a computer, users are encouraged to scan email attachments with anti-malware software or VirusTotal.
Users who pirate via torrents have a high chance of picking up an infection like ransomware. Torrent sites and forums are full of all kinds of ransomware and other malware because they are often not regulated properly. Cyber criminals have little issue with uploading their malware, often disguised as torrents for movies, games, episodes of TV series, software, etc.
What does Ogdo ransomware do
When the ransomware is executed, it will start encrypting files immediately. Users will be able to identify which ransomware has encrypted files from the .ogdo file extension added to encrypted files. For example, image.jpg becomes image.jpg.ogdo. Once file encryption is complete, the ransom note _readme.txt will be dropped. The note demands that victims pay $980 for a decryptor. Users who contact these cyber crooks within 72 hours would supposedly be offered a 50% discount ($490). The ransom note is identical to the ones dropped by other versions of Djvu ransomware.
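An added example, not part of the original article: a read-only Python triage that lists which folders contain .ogdo files and a matching _readme.txt note, and recovers the original file names to look for in a backup. The marker phrases are taken from the ransom note quoted on this page; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".ogdo"    # extension named in the article
NOTE_NAME = "_readme.txt"  # ransom note file name named in the article
# Phrases from the note on this page, so an unrelated _readme.txt is not counted.
NOTE_MARKERS = ("price of private key and decrypt software", "your personal id")

def is_ransom_note(path):
    """True if the file is named _readme.txt and contains a note phrase."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(8192).lower()
    except OSError:
        return False  # unreadable file: do not guess
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root read-only and map each affected directory to its findings."""
    report = defaultdict(lambda: {"note": False, "originals": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ENCRYPTED_EXT:
                # image.jpg.ogdo -> image.jpg: the name to look for in backup
                report[dirpath]["originals"].append(stem)
            elif is_ransom_note(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    hit, clean = os.path.join(root, "Pictures"), os.path.join(root, "Projects")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("image.jpg.ogdo", "notes.docx.ogdo"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Price of private key and decrypt software is $980.\n")
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Build instructions for this project.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, found in triage(tmp).items():
            print(folder, "note:", found["note"], sorted(found["originals"]))
```

Pointing triage() at a real path inventories an affected drive; the code only reads and never modifies or deletes files.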
Here is the full Ogdo ransom note:
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted
with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:
As we said above, paying the ransom is not recommended as it will not necessarily lead to decrypted files. It’s very likely that cyber crooks will just take the money and not send the decryptor. Unfortunately, without the decryptor, it’s only possible to recover files via backup.
Ogdo ransomware removal
It’s not recommended for users to try to manually remove Ogdo ransomware. Instead, anti-malware software should be used. The anti-malware software would safely delete Ogdo ransomware but, unfortunately, it would not decrypt files. Decryption is only possible with a special decryptor. Users who have a backup can start file recovery as soon as the ransomware is no longer present.
Ogdo ransomware is detected as:
- A Variant Of Win32/Kryptik.HGBJ by ESET
- Ransom:Win32/STOP.BS!MTB by Microsoft
- Exploit.Win32.Shellcode.tum by Kaspersky
- Trojan.Glupteba by Malwarebytes
- FileRepMalware by AVG