Osiris ransomware sets out for the data hunt


Osiris crypto-malware has joined the family of the ominous Locky ransomware. The main novelty of this variant is the new file extension appended to encrypted files. Besides renaming files to the clumsy pattern [first_8_chars_of_id]–[next_4_chars_of_id]–[next_4_chars_of_id]–[8_hexadecimal_chars]–[12_hexadecimal_chars].osiris, the virus also has a few additional improved specifications. Although the virus may be the harbinger of disturbing outcomes, it is still possible to terminate the malware.

Looking back at the history of the several-months-old Locky virus, it becomes clear that the original version was only the beginning. Throughout its existence, users have been attacked by Locky, Odin, Thor, .aesir, .zzzzz, .shit, and now Osiris malware. Surprisingly, all of these versions inflicted great damage on both individual and corporate users, even though the malware employs the same distribution and operation techniques.

Specifically, the Osiris ransomware binary arrives under the veneer of an invoice or as an attachment to a supposedly undelivered email. As in previous versions, the virus asks victims to enable macros if they are disabled by default. If they do, the malware activates its VBA macro, which in turn downloads a .dll file into the %Temp% folder. The file is then executed with the help of Rundll32.exe. After that, it is only a matter of time before the infection finishes its misdeed.
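The chain described above (a macro drops a .dll into %Temp%, then Rundll32.exe runs it) can be hunted in process-creation logs. The following is an added example, not code from the original article: the field names follow Sysmon process-creation events, and the Office parent list and the sample events are constructed assumptions.

```python
import ntpath
import re

# Assumption: Office applications that can host a VBA macro.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# A .dll path located under a user or system Temp directory.
TEMP_DLL = re.compile(
    r'(?:\\appdata\\local\\temp\\|\\windows\\temp\\|%temp%\\)[^",]*\.dll',
    re.IGNORECASE,
)

def severity(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    if ntpath.basename(event["Image"]).lower() != "rundll32.exe":
        return None
    if not TEMP_DLL.search(event["CommandLine"]):
        return None  # rundll32 loading a DLL from elsewhere is routine
    parent = ntpath.basename(event["ParentImage"]).lower()
    # An Office parent matches the macro-driven chain in the article.
    return "high" if parent in OFFICE_PARENTS else "medium"

def triage(events):
    """Return (index, severity) for every event worth an analyst's time."""
    hits = []
    for i, event in enumerate(events):
        level = severity(event)
        if level:
            hits.append((i, level))
    return hits

# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\example.dll,entry"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\bob\AppData\Local\Temp\x.dll",entry'},
]

if __name__ == "__main__":
    for index, level in triage(SAMPLE_EVENTS):
        print(f"event {index}: {level}")
```

A "medium" hit still deserves review, because the macro may launch Rundll32.exe through an intermediate process rather than directly.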

Even if this misfortune has befallen you, there is a solution. Eliminate Osiris ransomware with an updated anti-spyware application. Only after the cyber threat is completely eradicated should you concentrate on file recovery. Use a backup or an additional tool to recreate the lost data.
