Are you sure?

Comfirm Cancel


Or Login using BecomeGorgeous


Please fill the form below and follow the further instructions.

By registering, you are agreeing to the terms and conditions.
We will not sell, rent or give your email to anyone so don't worry about spam.

Password Recovery

You are about to receive a email from us please make sure to check your spam or junk folder and add our email [email protected] to your contact list.

Thank you!

Madeline Dickson




21 May 1985

  • 11534 Rank

  • 0 Points

Published on: 05 Dec 2016 by dickson

The Ins and Outs of the .osiris File Extension Virus

The crypto ransomware dubbed .osiris file
 is a recently released sequel of the notorious Locky thriller. This campaign commenced in late winter this year and has already produced several spinoffs, including the .locky file variant proper and its successor that concatenated the .zepto extension. The refreshed build of this hoax now appends .osiris to every file it encrypts and sticks with the same file renaming format. The affected data objects transform into inaccessible entities whose names consist of random 32 characters.

A tweak worth mentioning involves the use of a DLL installer. It circulates as an encrypted file, but once inside a new host environment it gets decrypted and executed beyond detection by security suites. As soon as this happens, .osiris ransomware begins traversing the contaminated system for various popular data entries, including Microsoft Office documents, different image formats, videos and databases. The repositories it scans are local disk drives, removable drives and other mapped folders on the network.

.osiris ransomware applies a combo or symmetric and asymmetric cryptographic standards to encipher the detected personal information. As a result, not only are victims unable to tell where a particular item is, but they cannot open or edit their files either. The so-called ransom note is named OSIRIS-([a-z0-9]{4})\.htm is created inside all the affected folders and on the desktop. These documents explain what steps to take for recovery. The ransomware also replaces the desktop wallpaper with an image containing these steps. This way, the infection tells the user to follow one of several available Tor (The Onion Router) links and hit the Locky Decryptor Page. This page is intended to provide a unique Bitcoin wallet address for the victim to send 0.5 BTC to.

Paying the ransom is a hideous thing for sure, but it may be the only option to restore valuable information since there is no free decrypt tool available at this point. All in all, prevention is better than cure, so be sure to steer clear of dubious email attachments and keep important files reliably backed up.


Add a Comment

* Please Add A Comment


Thank you for submission! Your comment will be displayed after getting approval from our administrators.

Connect With
Or Pick a name