Osiris Ransomware Description
The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that were released in the final months of 2016. The Osiris Ransomware marks the files it encrypts with the extension '.Osiris,' a name that comes from the ancient Egyptian religion. This follows a pattern used in threats such as the '.thor' Ransomware, which also uses the name of a mythological god to identify itself. The Osiris Ransomware encrypts the victim's files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware replaces the files' names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file and also changes the victim's desktop wallpaper image. The Osiris Ransomware attack is typical of these infections, essentially taking the victim's files hostage until the victim agrees to pay a large ransom of 2.5 BitCoin (approximately $2000 USD).
An Underworld God Resurrected to Cause Harm to Innocent Files
The Osiris Ransomware attack is quite simple and typical of these attacks. Since the first appearance of the Locky Ransomware family, countless variants of the threat have been observed, often appearing in batches or waves and connected by common characteristics in their ransom notes or attacks. This points to the possibility of the Locky Ransomware family being part of a RaaS (Ransomware as a Service) campaign, where con artists lease out their ransomware threats to other con artists, who can then carry out attacks without having to develop a ransomware Trojan themselves. Like other ransomware Trojans active today, the Osiris Ransomware encrypts the victim's files using a strong encryption algorithm, then demands that the victim pay a large ransom in exchange for the decryption key.
Understanding How the Osiris Ransomware may Infect a Computer
The most common way in which the Osiris Ransomware is distributed is through the use of corrupted email attachments, often taking advantage of vulnerabilities in certain applications to download and install this threat. Because of this, one of the best ways to prevent the Osiris Ransomware infection is to handle unsolicited email messages with care and avoid file attachments or embedded links that may install the Osiris Ransomware or other threats on the victim's computer.
The following is the full text of the Osiris Ransomware ransom note, contained in its HTML file and desktop image:
'!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
hxxp://en.wikipedia.org/wiki/Advanced Encryption Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxp://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialisation.
3. Type in the address bar:
4. Follow the instructions on the site.
!!! Your personal identification ID: D56F3331E80D9E17 !!!'
This text has been observed in various other variants of the Locky Ransomware family. When victims of the attack connect to the payment website, they receive the following message:
'We present a special software - Locky Decryptor™ -
which allows to decrypt and return control to all your encrypted files.
How to buy Locky Decryptor™?
You can make a payment with BitCoins, there are many methods to get them.
You should register BitCoin wallet:
Simplest online wallet or Some other methods of creating wallet
Purchasing Bitcoins, although it's not yet easy to buy bitcoins, it's getting simpler every day.
Send 2.5 BTC to Bitcoin address: 1BkR8zL6jAn8zcF4t6FM85DYLFG1dZ12ip
Note: Payment pending up to 30 mins or more for transaction confirmation, please be patient...
Refresh the page and download decryptor.
When Bitcoin transactions will receive one confirmation, you will be redirected to the page for downloading the decryptor.'
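A triage sketch for the indicators described above, added here as an example and not taken from the original page or from any vendor tool: it sweeps a directory tree for files carrying the '.Osiris' extension and for HTML files containing the ransom note text, and extracts the personal identification ID from each note. The note file name `note.html`, the 16-hex-digit ID format (inferred from the single ID quoted above) and the assumption that the marker sentence appears unbroken in the HTML are all assumptions; the sample tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Marker sentence and ID line taken from the ransom note quoted on this page.
NOTE_MARKER = "All of your files are encrypted with RSA-2048 and AES-128 ciphers"
# Assumption: IDs are 16 hex digits, as in the one example quoted on the page.
ID_RE = re.compile(r"Your personal identification ID:\s*([0-9A-Fa-f]{16})")

def triage(root):
    """Return (Counter of .osiris files per directory, {note path: victim ID})."""
    hit_dirs, notes = Counter(), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            if ext == ".osiris":
                hit_dirs[dirpath] += 1
            elif ext in (".htm", ".html"):
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                if NOTE_MARKER in text:
                    m = ID_RE.search(text)
                    notes[path] = m.group(1).upper() if m else None
    return hit_dirs, notes

def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one clean file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("A1B2C3D4.osiris", "9F8E7D6C.OSIRIS", "report.txt"):
        open(os.path.join(docs, name), "wb").close()
    note = ("<html><body>!!! IMPORTANT INFORMATION !!!<br>" + NOTE_MARKER +
            ".<br>!!! Your personal identification ID: D56F3331E80D9E17 !!!"
            "</body></html>")
    with open(os.path.join(docs, "note.html"), "w", encoding="utf-8") as fh:
        fh.write(note)  # hypothetical file name, not from the page
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        dirs, notes = triage(tmp)
        for d, n in dirs.items():
            print(f"{n} .osiris file(s) in {d}")
        for p, vid in notes.items():
            print(f"ransom note {p} (ID {vid})")
```

The per-directory counts show how far the encryption reached on a share, and the extracted ID lets responders correlate notes found on different hosts.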