Osiris Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 9 |
| First Seen: | December 7, 2016 |
| Last Seen: | February 10, 2022 |
| OS(es) Affected: | Windows |
The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that have been released in the final months of 2016. The Osiris Ransomware identifies the files it encrypts through the use of the extension '.Osiris,' which come from the ancient Egyptian religion. This follows a pattern used in threats such as the '.thor' Ransomware, which also uses a mythological god in order to identify its threat. The Osiris Ransomware encrypts the victim's files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware will replace the files' names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file, as well as changes the victim's desktop wallpaper image. The Osiris Ransomware attack is typical of these infections, essentially taking the victim's files hostage until the victim agrees to pay a large ransom of 2.5 BitCoin (approximately $2000 USD).
An Underworld God Resurrected to Cause Harm to Innocent Files
The Osiris Ransomware attack is quite simple and a typical variant in these attacks. Since the first appearance of the Locky Ransomware family, countless variants of the threat have often been observed appearing in batches or waves and connected by common characteristics in their ransom notes or attacks. This points to the possibility of the Locky Ransomware family being a part of a RaaS (Ransomware as a Service) campaign, where con artists lease out their ransomware threats to other con artists to create attacks without having to go through the development process of creating a ransomware Trojan. Like other ransomware Trojans active today, the Osiris Ransomware encrypts the victim's files using a strong encryption algorithm, then demands that the victim pays a large ransom in exchange for the decryption key.
Understanding How the Osiris Ransomware may Infect a Computer
The most common way in which the Osiris Ransomware is distributed is through the use of corrupted email attachments, often taking advantage of vulnerabilities in certain applications to download and install this threat. Because of this, one of the best ways to prevent the Osiris Ransomware infection is to handle unsolicited email messages with care and avoid file attachments or embedded links that may install the Osiris Ransomware or other threats on the victim's computer.
The following is the full text of the Osiris Ransomware ransom note, contained in its HTML file and desktop image:
'!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
hxxp://en.wikipedia.org/wiki/RSA (cryptosystem)
hxxp://en.wikipedia.org/wiki/Advanced Encryption Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxp://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialisation.
3. Type in the address bar:
4. Follow the instructions on the site.
!!! Your personal identification ID: D56F3331E80D9E17 !!!'
This is a text that has been observed in various other variants of the Locky Ransomware family. When victims of the attack connect to the payment website, they receive the following message:
'Locky Decryptor™
We present a special software - Locky Decryptor™ -
which allows to decrypt and return control to all your encrypted files.
How to buy Locky Decryptor™?
You can make a payment with BitCoins, there are many methods to get them.
You should register BitCoin wallet:
Simplest online wallet or Some other methods of creating wallet
Purchasing Bitcoins, although it's not yet easy to buy bitcoins, it's getting simpler every day.
Send 2.5 BTC to Bitcoin address: 1BkR8zL6jAn8zcF4t6FM85DYLFG1dZ12ip
Note: Payment pending up to 30 mins or more for transaction confirmation, please be patient...
Refresh the page and download decryptor.
When Bitcoin transactions will receive one confirmation, you will be redirected to the page for downloading the decryptor.'
