
Osiris Ransomware

Posted: December 6, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 21
First Seen: December 7, 2016
Last Seen: February 10, 2022
OS(es) Affected: Windows

The Osiris Ransomware is a new version of the '.locky File Extension' Ransomware. Its symptoms, including desktop hijacking, Web-based ransom messages, and data-encrypting attacks meant to lock your files, are consistent with other members of this family. Vulnerable PC users can protect their PCs by keeping all anti-malware software updated so that it can remove the Osiris Ransomware accurately, as well as by scrutinizing common infection vectors like e-mails.

More Threats Ferrying Your Files to a Temporary Afterlife

The '.locky File Extension' Ransomware's stint at mythological self-branding has yet to end, although this choice of themes does little to change the consequences of an infection. The pattern that began with threats like the '.aesir File Extension' Ransomware and the '.thor File Extension' Ransomware now continues with the Osiris Ransomware, whose attacks malware experts confirm as starting in the first week of December. Other updates to the Osiris Ransomware, unrelated to its theme swap, also appear to target the heuristic detection methods used by various brands of security software, which helps the Osiris Ransomware install undetected.

The profitability of the Osiris Ransomware's campaign hinges on locking a victim's files through a data-encrypting attack. The Osiris Ransomware's version of this payload continues using an asymmetric AES-RSA combination that makes data recovery difficult. Although malware researchers find the Osiris Ransomware using a new extension ('.osiris') for these files, the Trojan is also notable for replacing the rest of the name with a string of new characters in dash-delimited blocks. The new name represents the ID number the victim uses when paying the Osiris Ransomware's administrators in the hope of receiving their decryption help.
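The renaming behavior described above gives responders a way to scope damage from a file listing. The following is an added triage example, not code from this page or from any vendor; it assumes the extension is the literal string `.osiris` and that the new name consists of alphanumeric blocks joined by dashes (the page gives no block count or lengths), and all sample paths are constructed.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: alphanumeric blocks joined by one or more dashes, then ".osiris".
RENAMED = re.compile(r"^[0-9A-Za-z]+(?:-+[0-9A-Za-z]+)+\.osiris$", re.IGNORECASE)

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\A1B2C3D4--E5F6--0718--9AC3D0E1--4F5A6B7C8D9E.osiris",
    r"C:\Users\alice\Documents\A1B2C3D4--E5F6--0718--1B2C3D4E--0F1E2D3C4B5A.osiris",
    r"C:\Users\alice\Documents\budget-2016.xlsx",   # untouched file
    r"C:\Users\alice\Documents\notes.osiris",       # extension only, no dash blocks
    r"C:\Users\alice\Pictures\osiris-statue.jpg",   # benign name containing "osiris"
    r"C:\Users\alice\Pictures\A1B2C3D4--E5F6--0718--77777777--123456789ABC.osiris",
]

def triage(paths, min_hits=2):
    """Map each directory to its renamed-looking files, keeping only
    directories with at least min_hits matches to cut false positives."""
    hits = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        if RENAMED.match(p.name):
            hits[str(p.parent)].append(p.name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_hits}

def shared_id_prefix(names):
    """Return the leading blocks common to every name. Because the new name
    carries the victim ID, a shared prefix is a candidate for that ID."""
    prefix = os.path.commonprefix(list(names))
    # Trim back to the last dash so a partly matching block is dropped.
    prefix = prefix[: prefix.rfind("-") + 1]
    return prefix.rstrip("-")

if __name__ == "__main__":
    for directory, names in triage(SAMPLE).items():
        print(directory, len(names), "renamed files, shared prefix:",
              shared_id_prefix(names))
```

Feed it real input from a recursive directory listing of the affected volume or from backup-agent change logs; directories it reports are the ones to restore first.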

The Osiris Ransomware also shows several symptoms meant to enable that payment:

  • The Trojan displays a standard image file for the '.locky File Extension' Ransomware family that contains instructions on using anonymous Web-surfing software to access its ransom-payment site. It locks the desktop wallpaper to this image by default.
  • You also may find other instructions through a local HTML page that the Osiris Ransomware places in several locations, including the desktop and most directories with any encrypted content.

Resurrecting Your Data from Trojan Tampering

Although the aftereffects of the Osiris Ransomware's attacks are obvious, relying on these symptoms to detect an infection can leave you with long-term damage to your local files. The Osiris Ransomware doesn't attack data essential to the operating system but may encipher documents, pictures and other media. Any data recovery achieved by paying the ransom depends wholly on the generosity of the Osiris Ransomware's threat actors.

Thoroughly maintained backup strategies can remove the dependence on decryption by providing recovery options that the Osiris Ransomware can't sabotage. Malware researchers see especially good results against file-encrypting Trojans with backups stored on removable devices and in most cloud storage services. Anti-malware products that are regularly updated to detect threats of this classification should also be able to remove the Osiris Ransomware during an installation attempt, such as one made via a disguised e-mail attachment.

The Osiris Ransomware's authors chose a somewhat unusual and even educational theme, but this update of an old threat is of interest primarily for its successful evasion of various threat detection methods. Consequently, updating your security software at least as often as threat authors update their Trojans is an action with very clear benefits.
