Osiris Ransomware

Osiris Ransomware Description

The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that have been released in the final months of 2016. The Osiris Ransomware identifies the files it encrypts through the use of the extension '.Osiris,' which come from the ancient Egyptian religion. This follows a pattern used in threats such as the '.thor' Ransomware, which also uses a mythological god in order to identify its threat. The Osiris Ransomware encrypts the victim's files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware will replace the files' names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file, as well as changes the victim's desktop wallpaper image. The Osiris Ransomware attack is typical of these infections, essentially taking the victim's files hostage until the victim agrees to pay a large ransom of 2.5 BitCoin (approximately $2000 USD).

An Underworld God Resurrected to Cause Harm to Innocent Files

The Osiris Ransomware attack is quite simple and a typical variant in these attacks. Since the first appearance of the Locky Ransomware family, countless variants of the threat have often been observed appearing in batches or waves and connected by common characteristics in their ransom notes or attacks. This points to the possibility of the Locky Ransomware family being a part of a RaaS (Ransomware as a Service) campaign, where con artists lease out their ransomware threats to other con artists to create attacks without having to go through the development process of creating a ransomware Trojan. Like other ransomware Trojans active today, the Osiris Ransomware encrypts the victim's files using a strong encryption algorithm, then demands that the victim pays a large ransom in exchange for the decryption key.

Understanding How the Osiris Ransomware may Infect a Computer

The most common way in which the Osiris Ransomware is distributed is through the use of corrupted email attachments, often taking advantage of vulnerabilities in certain applications to download and install this threat. Because of this, one of the best ways to prevent the Osiris Ransomware infection is to handle unsolicited email messages with care and avoid file attachments or embedded links that may install the Osiris Ransomware or other threats on the victim's computer.

The following is the full text of the Osiris Ransomware ransom note, contained in its HTML file and desktop image:

All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
hxxp://en.wikipedia.org/wiki/RSA (cryptosystem)
hxxp://en.wikipedia.org/wiki/Advanced Encryption Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxp://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialisation.
3. Type in the address bar:
4. Follow the instructions on the site.
!!! Your personal identification ID: D56F3331E80D9E17 !!!'

This is a text that has been observed in various other variants of the Locky Ransomware family. When victims of the attack connect to the payment website, they receive the following message:

'Locky Decryptor™
We present a special software - Locky Decryptor™ -
which allows to decrypt and return control to all your encrypted files.
How to buy Locky Decryptor™?
You can make a payment with BitCoins, there are many methods to get them.
You should register BitCoin wallet:
Simplest online wallet or Some other methods of creating wallet
Purchasing Bitcoins, although it's not yet easy to buy bitcoins, it's getting simpler every day.
Send 2.5 BTC to Bitcoin address: 1BkR8zL6jAn8zcF4t6FM85DYLFG1dZ12ip
Note: Payment pending up to 30 mins or more for transaction confirmation, please be patient...
Refresh the page and download decryptor.
When Bitcoin transactions will receive one confirmation, you will be redirected to the page for downloading the decryptor.'

Do You Suspect Your PC May Be Infected with Osiris Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Osiris Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.


  • Patrick Sheldon:

    I have a friend that open an email which later encrypted his documents and pictures. research this and found that it was the Osiris virus. is there a way to decrypt his document and pictures.

  • Jim Regan:

    I have been infecter by OSIRIS 2e62 in my dropbox. how can i get ride od it?

  • chiefdaveg:

    Is there anyway to decipher the already encrypted files without having to use the Tor program?

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.