Osiris Ransomware

Osiris Ransomware is the new version of the infamous Locky Ransomware that was first detected almost a year before the emergence of Osiris. Both of these infections spread in the same way, and they share visual similarities. For one, both of these threats create BMP files that are very similar and that carry the same messages. So, were these infections created by the same cyber criminal? It is likely that they were; however, it is also possible that a third-party has used the source code of the original Locky Ransomware. In any case, we recommend deleting both versions of this malicious ransomware, and we discuss how to do that in this report. If you continue reading, you will learn how to remove Osiris Ransomware. You will also learn how to recognize this infection, as well as what steps you need to take regarding the encrypted files. If any questions pop up while reading this report, you can use the comments section below to present them.

According to our research, Osiris Ransomware is distributed with the help of spam emails. The launcher of this infection might be introduced to you as a harmless-looking file attached to an inconspicuous email. If you open this file, the ransomware is executed immediately, but you might not realize that. If you do not realize that your operating system was infected, you will not delete the infection before it encrypts your files. We have yet to confirm which encryption method is used; however, Locky Ransomware used both RSA and AES encryption algorithms to encrypt the files and the decryption key. It is likely that Osiris Ransomware operates in the exact same way, and the information in the ransom note might be true. Once the files are encrypted, they are renamed, and the new names might have over 40 random characters, as well as the “.osiris” extension at the end. Needless to say, having the files renamed might make it much more difficult to figure out which files were encrypted, and that is crucial in case you have some of your files backed up.

Besides encrypting your personal files, Osiris Ransomware also creates its own files. One of them is the BMP file we mentioned before, and it is called “DesktopOSIRIS.bmp”. This file changes the background of your Desktop so that you would know what is happening as soon as the files are fully encrypted. According to the message, you need a “private key” and a “decrypt program” to have your files unlocked. It is stated that this software is stored on a secret server and that you can retrieve it if you install the Tor Browser, go to the provided page, and follow the instructions. We see the same message in the HTM file (“OSIRIS-[random characters].htm”) that is also created by the malicious Osiris Ransomware. If you follow the instructions as told, you will end up paying a ransom of 2 Bitcoins, which converts to around 1540 US Dollars or 1450 Euro. If you do not have that kind of money, there is not much you can do besides removing the ransomware and forgetting about your personal files, unless they are backed up!

If you pay the ransom that is requested by the creator of Osiris Ransomware, no one can guarantee that everything will go according to the plan. Although it is stated that a decryption key and a decryption program will be provided to you, are you completely sure you can trust cyber criminals? Our malware experts cannot guarantee this. At the end of the day, the malicious ransomware was created by someone who has no regard for your virtual safety. Would it be out of character for cyber crooks to just take your money and disappear without producing the promised tools? Of course, it would not, which is why you have to think things through before you act. If your files are backed up or if you do not think they are worth the risk, you need to delete Osiris Ransomware from your PC immediately. You also must not forget to erase this threat if you pay the ransom and your files end up getting decrypted, which, again, you should not rely on happening. If you are unable to remove the infection using the guide below, install reliable anti-malware software ASAP.

Osiris Ransomware Removal

1. Identify the malicious launcher (an .exe file that you might have downloaded via a corrupted spam email).
2. Right-click the file and choose Delete.
3. Right-click and Delete the OSIRIS-[random characters].htm file in every directory it is found.
4. Tap Win+E to launch Explorer and enter %USERPROFILE% into the bar at the top.
5. Open your [user name] folder.
6. Right-click and Delete the file named DesktopOSIRIS.bmp.
7. Finally, install a legitimate malware scanner to inspect your PC for leftovers and other threats.