Traditionally spread by spam campaigns, Osiris Ransomware is the 7th generation of the Locky ransomware / crypto virus. It complicates debugging and reverse engineering inside a virtual machine; its algorithm is heavily modified compared to the previous version. It uses standard Windows components to download and execute its payload (scripts and libraries), which is not easily detected. Windows and possibly Mac and Android devices could be affected by it. The main aim of Osiris Ransomware is to encrypt the victim's data; it targets the Microsoft Volume Shadow Copy Service (VSS), which is available in every copy of MS Windows, deletes the previously created shadow copies, infects local devices and spreads easily across the network to infect other computers and network folders. Beyond the boundaries of a single organization, Osiris can also be distributed through CRM / customer support systems (including cloud-based ones): an infected user at one organization sends an email to the CRM system's email address, the system's internal parser processes the incoming email and attaches the dangerous attachment to a ticket, and when a customer support engineer opens the ticket and its Excel attachment, the whole internal system gets infected. Osiris uses strong encryption algorithms, so affected data cannot be decrypted by any third-party tools and it becomes practically impossible for the user to get his files decrypted.
Osiris Ransomware is distributed through spam emails whose subject contains words such as "Invoice" or "Order Confirmation", with a short text line and a compressed attachment containing the infectious matter: an Excel file with a VBA macro or a .jse executable script (a dropper). Once the dropper runs, a DLL file is downloaded and launched with the help of Rundll32.exe on your PC. The developers of this ransomware do not use .exe executables; to stay hidden they instead use standard Windows components to launch their scripts and DLL files. Cyber crooks also use legitimate advertising networks to serve cleverly designed ads that distribute the ransomware with little or no user interaction required. Websites affected last year included BBC, MSN and AOL, where cyber criminals took advantage of automated ad networks, which served the infected ads after the criminals' accounts had passed the networks' verification checks without being examined carefully. So, remove Osiris Ransomware quickly.
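The delivery chain above (Office attachment or .jse dropper, then a DLL launched through Rundll32.exe, then shadow-copy deletion) can be spotted in process-creation telemetry. The following detector is an added example, not code from the original article: it assumes a constructed "parent -> child : command line" log format and constructed sample events, and the specific script-host and vssadmin/wmic command lines it matches are my assumptions about how such a chain typically shows up, not details stated on this page.

```python
import re

# Constructed sample process-creation events (not real telemetry).
# Assumed format: "<parent image> -> <child image> : <command line>"
SAMPLE_LOG = [
    r"explorer.exe -> EXCEL.EXE : EXCEL.EXE C:\Users\bob\Downloads\Invoice_0428.xls",
    r"EXCEL.EXE -> wscript.exe : wscript.exe C:\Users\bob\AppData\Local\Temp\order.jse",
    r"wscript.exe -> rundll32.exe : rundll32.exe C:\Users\bob\AppData\Local\Temp\x7h2.dll,qwerty",
    r"rundll32.exe -> vssadmin.exe : vssadmin.exe delete shadows /all /quiet",
    r"svchost.exe -> rundll32.exe : rundll32.exe shell32.dll,Control_RunDLL",  # benign
]

OFFICE = {"excel.exe", "winword.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # hosts that run .jse scripts
USER_WRITABLE = re.compile(r"\\(Temp|Downloads|AppData)\\", re.IGNORECASE)
# Assumed shadow-copy deletion command lines (vssadmin / wmic).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE)
LINE = re.compile(r"^(?P<parent>\S+) -> (?P<child>\S+) : (?P<cmd>.+)$")

def parse_event(line):
    """Split one log line into parent, child and command line; None if malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {"parent": m["parent"].lower(), "child": m["child"].lower(), "cmd": m["cmd"]}

def classify(event):
    """Return the names of every rule the event matches (empty list if benign)."""
    hits = []
    if event["child"] in SCRIPT_HOSTS and event["parent"] in OFFICE:
        hits.append("office_app_spawned_script_host")
    if event["child"] == "rundll32.exe" and (
            event["parent"] in SCRIPT_HOSTS | OFFICE or USER_WRITABLE.search(event["cmd"])):
        hits.append("rundll32_loading_dropped_dll")   # DLL launched from a user-writable path
    if SHADOW_DELETE.search(event["cmd"]):
        hits.append("shadow_copy_deletion")
    return hits

def detect(lines):
    """Run every rule over every parseable line; returns (rule, line) pairs in log order."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        findings.extend((rule, line) for rule in classify(event))
    return findings

if __name__ == "__main__":
    for rule, line in detect(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Each rule on its own produces noise (rundll32.exe is used legitimately all day); the value is in seeing the three fire in sequence under one user session.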
Similar to *.osiris are CTB-Locker, Dharma, Purge, Cerber and JohnyCryptor; there are dozens of ransomware-type viruses, and these are only examples. All have identical behaviour: encryption of data and a ransom demand. The main differences are the cost of decryption and the type of encryption algorithm (symmetric/asymmetric). Cyber criminals often proliferate ransomware through peer-to-peer networks, spam emails (malicious attachments), other third-party software download sources (Torrents, eMule, free file hosting websites, freeware download websites, etc.), rogue software update tools, and trojans. So be alert and never open files received from suspicious email addresses or download software from unknown sources. It is well known that cyber criminals are capable of exploiting software bugs/flaws to compromise your PC, so keep your installed applications up to date and never use third-party update tools. If you are in trouble, follow the advice of the decryptors for this ransomware.