What is Osiris Ransomware
Osiris Ransomware is newest variant of Locky ransomware. According to its name, new virus adds .osiris suffix to encrypted files and modifies filenames so they look like that: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Osiris encrypts files with RSA-2048 and AES-128 algorithms that currently cannot be decrypted. Ransom is near 2.5 BitCoins (~$1880) and there is no earthly use to pay it. Osiris ransomware alters desktop background with typical image with text instructions. User can only make payment to anonymous Bitcoin wallets, so that police cannot keep track on malefactors. Virus copies 3 files (OSIRIS.html, OSIRIS_[4_digit_number].html and OSIRIS.bmp) to the folder with encrypted files. Read this guide to remove Osiris ransomware and decrypt .osiris files in Windows 10, 8, 7, XP.
Note: Hackers usually do not send any decryptors or decryption keys even if you pay them. Wait until working decryptor appears or try to restore .osiris files manually from backup or using instructions below.
How Osiris Ransomware infected your PC
Osiris spreads via e-mails with malicious attachments with strange extensions (.xls, .tdb, .zk, .342, .343, .552) or through Facebook spam messages. E-mails pretend to be from DHL or FedEx. Infection is realized via archived java-script files or built-in macros inside the Word or Excel document, that will then download main executable. JavaScript files icons may look like text files and unsuspecting users usually click on them. Virus assigns certain ID with the victims, that is used to name those files and supposedly to send decryption key. In order to prevent infection with this type of threats in future we recommend you to use SpyHunter 5 and HitmanPro with Cryptoguard. Example of spam e-mail that distributes Locky (.osiris) virus.
From: "Marina"
To: [REDACTED] Subject: Emailing: _0828817_36073220
Date: Mon, 05 Dec 2016 15:24:01 +0530
Your message is ready to be sent with the following file or link
attachments:
_0828817_36073220
Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your e-mail
security settings to determine how attachments are handled.
Attachment: _0828817_36073220.xls
Download Osiris Ransomware Removal Tool
To remove Osiris Ransomware completely we recommend you to use SpyHunter 5. It detects and removes all files, folders and registry keys of Osiris Ransomware.
Alternative remover
As a good free alternative to remove Osiris Ransomware use Malwarebytes Anti-Malware. It will detect core files and processes of Osiris ransomware and eliminate them to allow you start decryption of your files.
How to remove Osiris Ransomware manually
It is not recommended to remove Osiris Ransomware manually, for safer solution use Removal Tools instead.
Osiris Ransomware files:
OSIRIS.bmp
OSIRIS.html
OSIRIS_[4_digit_number].html
Osiris Ransomware registry keys:
no information
How to decrypt and restore .osiris files
Use automated decryptors
Osiris Ransomware allows user to decrypt 1 file for free. This can be used to attempt and decrypt all files by determining encryption key using this decrypted file and comparing it with encrypted one using special tools. Ransomware decryptor from Kaspersky may be useful in this case. It is free and easy to use. Download Kaspersky Ransomware Decryptor here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
If you are infected with Osiris ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses like Osiris Ransomware in future
Use Malwarebytes Anti-Ransomware Beta
Famous anti-malware vendor Malwarebytes along with EasySync Solutions created tool that will help you with active anti-ransomware protection as additional shield to your current protection.
Use HitmanPro.Alert with CryptoGuard
Dutch vendor of legendary cloud-based scanner HitmanPro – SurfRight released active antivirus solution HitmanPro.Alert with CryptoGuard feature that effectively protects from latest versions of cryptoviruses.