{"id":1183,"date":"2016-12-05T15:25:13","date_gmt":"2016-12-05T15:25:13","guid":{"rendered":"https:\/\/myspybot.com\/?p=1183"},"modified":"2025-11-30T11:43:44","modified_gmt":"2025-11-30T11:43:44","slug":"osiris-files-virus","status":"publish","type":"post","link":"https:\/\/myspybot.com\/osiris-files-virus\/","title":{"rendered":"Decrypt .osiris files and remove Locky-Osiris ransomware virus"},"content":{"rendered":"
A new version of the Locky ransomware is out, which encrypts files using RSA and AES ciphers, appends them with the .osiris<\/strong> extension and demands 0.5 BTC.<\/blockquote>\n

The latest update of the Locky ransomware<\/a> as of December 5, 2016 has brought about a couple of changes to the way this infection manifests itself. The most conspicuous tweak has to do with the new .osiris extension<\/strong> that the perpetrating program affixes to filenames. The threat actors have apparently switched from using Norse mythology to an Egyptian naming theme. The primary attack vector underwent an alteration as well. The payload for Osiris ransomware is delivered with spam emails that contain a malware-tainted .xls file on board. When a user opens this spreadsheet, it turns out blank. The document displays a prompt instructing the victim to \u201cenable content\u201d, which actually translates to activating Microsoft Excel macros. Then, the infection exploits macros to execute the .osiris file ransomware on the targeted computer.<\/p>\n

\"The<\/a>
The Osiris ransomware attack<\/figcaption><\/figure>\n

The next phase of the compromise involves a silent scan of the infected PC\u2019s hard drive, removable drives and network shares for personal files. Once the list thereof has been shaped up, the ransomware encrypts the data with a blend of symmetric AES-128 and asymmetric RSA-2048 cryptosystems. Consequently, the victim\u2019s important files can no longer be opened or edited. The private RSA key, which is the critical prerequisite of decryption, is nowhere to be found on the contaminated computer.<\/p>\n

<\/a>
Encrypted .osiris files and a new HTM ransom note<\/figcaption><\/figure>\n

The .osiris extension isn\u2019t the only attribute of the new look and feel of one\u2019s affected files. Another problem is that the infection also scrambles filenames according to a brand-new principle. Ultimately, it renames them into long, weird-looking strings of 36 hexadecimal characters similar to F6A7EEC1–F8BA–409E–582A6BCA–85017FD6852D.osiris<\/strong>. This format, obviously, makes it impossible to figure out which file it was before the scrambling.<\/p>\n

\"Locky<\/a>
Locky Decryptor Page asking for a 0.5-Bitcoin ransom<\/figcaption><\/figure>\n

As opposed to its .aesir and .ZZZZZ file predecessors, the Osiris ransomware leaves a different ransom note. It\u2019s now called OSIRIS-[4 hexadecimal-char ID].htm<\/strong>, where the ID part varies from victim to victim. An actual example is OSIRIS-5b12.htm<\/strong>. This file opens up in the default web browser and provides some preliminary recommendations on restoring the locked data. In particular, it recommends the victim to visit the Locky Decryptor Page using the Tor Browser. The page then tells the user to submit 0.5 BTC to a specific Bitcoin wallet in order to be able to download the automatic decryptor. Be advised, though, that some people never get their private key and decrypt tool even after they pay the ransom. So stick with the recommendations below instead.<\/p>\n<\/span>\r\n

<\/div>\r\n\r\n

Osiris ransomware automated removal and data recovery<\/h2>\r\n\r\n

When faced with ransomware like Osiris, one of the best shortcuts in terms of removal is to use Combo Cleaner, a lightweight and incredibly effective application with PC security and optimization features under the hood. It detects and thoroughly deletes threats while giving you insights into the overall health of your computer.<\/p>\r\n

This program\u2019s protection power spans modules that forestall all known types of malware, including ransomware and browser hijackers, and take your online security to the next level by blocking phishing sites and other suspicious web pages. Follow these simple steps to eliminate the infection for good:<\/p>\r\n

1<\/strong>. Download<\/strong> Combo Cleaner installer.<\/p>\r\n

<\/span>Download Osiris remover<\/a><\/span><\/p>\r\n

Combo Cleaner scans your PC with no strings attached, but you\u2019ll have to buy its fully functional version to remove the threats it detects. The disk optimization tools that find large files and duplicates are free to use.<\/sup><\/p>\r\n

\"Download<\/p>\r\n

2<\/strong>. Open the CCSetup.exe file to get started. Several subsequent screens will allow you to make initial customizations so that the program works exactly as you need from the get-go.\"Setup<\/p>\r\n

3<\/strong>. The installation will be followed by an update of malware signatures. Once this process is through, click the Start Scan<\/strong> button in the left-hand sidebar.\"Start<\/p>\r\n

4<\/strong>. Combo Cleaner will then check system locations that are most often polluted by Windows malware. The first scan can take a while to finish.\"Combo<\/p>\r\n

5<\/strong>. Combo Cleaner will display a system tray notification as soon as the scan is over. Click the Resolve found threats<\/strong> button to view the results.\"Scan<\/p>\r\n

6<\/strong>. The scan summary shows the names and types of the detected threats as well as their statuses and locations. Click the Remove all threats<\/strong> button and follow further on-screen prompts to get rid of these items.\"Scan<\/p>\r\n

Data recovery toolkit to the rescue<\/strong><\/p>\r\n

Some strains of ransomware are known to delete the original files after the encryption routine has been completed. As hostile as this activity appears, it can play into your hands. There are applications designed to revive the information that was obliterated because of malfunctioning hardware or due to accidental removal. The tool called Stellar Data Recovery features this type of a capability and therefore it can be applied in ransom attack scenarios to at least get the most important files back. So use the app to get an idea of what data can be restored and let it do the recovery job. Here is a step-by-step walkthrough:<\/p>\r\n

1<\/strong>. Download and install Stellar Data Recovery<\/a>.<\/p>\r\n

<\/span>Download Stellar Data Recovery<\/a><\/span><\/p>\r\n

2<\/strong>. Open the application, select the types of recoverable files to look for, and click Next<\/strong>.\"Stellar<\/p>\r\n

3<\/strong>. Choose the areas you want the tool to recover from and click the Scan<\/strong> button.\"Select<\/p>\r\n

4<\/strong>. Having scanned the specified locations, the program will display a notification about the total amount of recoverable data. Close the dialog and click the Recover button. This will hopefully help you get some of your valuable files back.\"Recover<\/p>\r\n<\/span>

<\/div>\r\n

Osiris ransomware manual removal and file recovery<\/h2>\r\n\r\n

Some ransomware strains terminate themselves after completing the encryption job on a computer, but some don\u2019t. Furthermore, the Osiris virus may prevent victims from using popular antimalware tools in order to stay on board for as long as possible. Under the circumstances, it may be necessary to utilize the Safe Mode with Networking or System Restore functionality.<\/p>\r\n

\r\n

<\/span>Remove Osiris ransomware using Safe Mode with Networking<\/span><\/h4>\r\n

<\/span>Remove Osiris ransomware using Safe Mode with Networking<\/span><\/h4>\r\n
\r\n

Boot into Safe Mode with Networking. The method to do it depends on the version of the infected operating system. Follow the instructions below for your OS build.<\/p>\r\n