What is Osiris malware

Remove Osiris Ransomware: decrypt the .osiris file

The Locky ransomware family continues to hatch new mutant extortion programs. Its developers are apparently experimenting with payload delivery and data crippling practices. This time the perpetrators have created another offshoot of their shameful prototype, which appends the .osiris extension to encrypted files and stores the ransom note as OSIRIS-[victim_ID].htm.

What is the Osiris ransomware?

In cyber security terms, the word "Osiris" refers to an alias of the nasty Locky ransomware rather than anything to do with the mythology of ancient Egypt. This most recent of the many variants in the family has a complicated contamination technique, a different file renaming pattern and a new format for the recovery instructions. The variant appends the .osiris extension to each file, and the file itself is encrypted to military standards with a non-crackable mixture of RSA and AES. The revised ransom Trojan also changes file names in a new way, replacing them with entries like B5F7GEC2-A9BF-816E-373B5CBG-41019FD253D9.osiris. The naming pattern is [8_hexadecimal_chars]-[4_hexadecimal_chars]-[4_hexadecimal_chars]-[8_hexadecimal_chars]-[12_hexadecimal_chars].osiris.

Another change that victims won't miss is that the ransomware creates its help files in a single format (HTM), whereas its predecessors usually dropped ransom notes in several different formats. The recovery steps are now explained in the document OSIRIS-[victim_ID].htm. The unique identifier in its name usually consists of 4 characters. It also differs between the copy of the file left on the desktop and the copies placed in individual folders containing encrypted personal files.
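The two naming patterns described above can be used to triage a machine or a file share for traces of this variant. The following Python sketch is an added example, not code from the original article: the function names classify, triage and scan are hypothetical, the sample paths are constructed, and the victim ID is assumed to be a short alphanumeric string.

```python
import os
import re
from collections import defaultdict

# Renamed-file layout described above: 8-4-4-8-12 hexadecimal chars + ".osiris".
ENCRYPTED_RE = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{8}-[0-9A-F]{12}\.osiris$",
    re.IGNORECASE,
)
# Ransom note layout: OSIRIS-[victim_ID].htm. The ID is "usually" 4 characters,
# so any short alphanumeric run is accepted (assumption) and the ID is captured.
NOTE_RE = re.compile(r"^OSIRIS-([0-9A-Za-z]{1,8})\.htm$", re.IGNORECASE)

def classify(filename):
    """Return ('encrypted', None), ('note', victim_id) or ('other', None)."""
    if ENCRYPTED_RE.match(filename):
        return "encrypted", None
    m = NOTE_RE.match(filename)
    if m:
        return "note", m.group(1)
    return "other", None

def triage(paths):
    """Group indicator hits by directory for a list of file paths."""
    report = defaultdict(lambda: {"encrypted": 0, "note_ids": set()})
    for path in paths:
        folder, name = os.path.split(path)
        kind, victim_id = classify(name)
        if kind == "encrypted":
            report[folder]["encrypted"] += 1
        elif kind == "note":
            # IDs differ between the desktop copy and per-folder copies.
            report[folder]["note_ids"].add(victim_id)
    return dict(report)

def scan(root):
    """Walk a directory tree read-only and triage every file name in it."""
    found = []
    for folder, _dirs, files in os.walk(root):
        found.extend(os.path.join(folder, f) for f in files)
    return triage(found)

# Constructed sample paths (not taken from a real infection).
SAMPLE = [
    "docs/0A1B2C3D-4E5F-6071-8293A4B5-C6D7E8F90123.osiris",
    "docs/OSIRIS-9f3c.htm",
    "docs/report.xlsx",
    "desktop/OSIRIS-a71e.htm",
]
```

Calling scan on a drive or share root returns, per folder, how many renamed files and which ransom note IDs were found, which helps scope the damage before any recovery attempt.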

The decryption walkthrough in the HTM file includes a hyperlink to the victim's personal recovery center, which contains the Locky Decryptor page. The .onion link can only be loaded with the Tor browser, which gives the distributors of the ransomware a level of anonymity. Hence, it is necessary to download and install this browser in order to proceed. Once on the page, the infected user will get the following information: the size of the ransom, the Bitcoin wallet address to send the digital money to, and some resources for buying Bitcoins. The decryption service imposed by the attackers will typically cost 0.5 BTC, or around $370 USD. However, dealing with distributors of ransomware is a slippery slope, so it is a much better idea to try some of the best forensic data recovery practices.

Just like its predecessors, the Osiris edition of Locky finds its way onto computers via spam. The only novelty in the current wave of spam is that the booby-trapped email attachment is an XLS document. This file causes a pop-up to appear advising the recipient to enable macros. If a gullible user falls for it and does so, the infection will take advantage of a known macro vulnerability and launch the ransomware. So, be sure to treat eye-catching email attachments with a reasonable amount of suspicion.

Automatic removal of Osiris extension virus

Eradication of this ransomware can be done efficiently with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped from your system.

1. Download the recommended security utility and check the computer by clicking Computer scan now.

2. The scan comes back with a list of the objects found. Click on Fix threats to have the virus and related infections removed from the system. Completing this stage of the cleanup process will most likely result in complete eradication of the infection. Now you face a bigger challenge: trying to get your data back.


Methods to Recover Encrypted .osiris Files

As already mentioned, Osiris uses strong encryption to make the files useless, so there is no magic wand that will restore them anytime soon, other than paying the ransom, of course. However, there are techniques that can help you recover the important files. Learn more about them here.

1. Automatic file recovery programs

It is interesting to know that Osiris deletes the original, unencrypted files; it is copies of them that the ransomware processes. Because of this, applications like Stellar Data Recovery can restore the deleted objects, even if they were securely deleted. This method is well worth the time and has proven to be effective.

2. Volume Shadow Copies

This approach takes advantage of the Windows backup of files on the computer, which is made at each restore point. However, one important condition must be met: this works only if System Restore was activated before the infection. In addition, changes made to a file after the restore point will not be in the recovered version.

  • Take advantage of the Previous Versions feature. The Windows operating system has a built-in ability to restore the previous version of files. This can also be applied to folders. Just right-click on a file or folder, choose Properties and switch to the Previous Versions tab. Within this tab you will see the list of the saved copies of the file / folder with the corresponding time and date information. Select the most recent entry and click on Copy in case you want to restore the object to a new location that you can specify. If you click on the Restore button, the object will be restored to its original location.
  • Use the Shadow Explorer tool. This approach allows you to restore previous versions of files and folders automatically rather than manually. To do this, download and install the Shadow Explorer application. After starting it, select the drive name and the date of the created file versions. Right-click on the affected folder or file and select the Export option. Then simply specify the location to which the data should be restored.

3. Backups

Of all the options that do not involve the ransom, the best is a data backup. If your data was backed up to an external server before the ransomware infected your PC, the files encrypted by Osiris can be restored this way. To do this, log in to the respective user interface, select the files and initiate their recovery. Before doing this, however, make sure that you have completely removed the ransomware from your computer.


Verify that the Osiris / Locky ransomware has been completely removed

Again, ransomware removal alone will not decrypt your personal files. The data recovery methods highlighted above could produce the desired result, but the ransomware itself doesn't belong inside your computer.

Incidentally, it often arrives together with other malware, so it makes sense to scan the system repeatedly with automatic security software to ensure that no harmful remnants of the virus and the associated threats are left within the Windows registry or elsewhere.
