Locky .OSIRIS Ransomware–Threat In Detail
Locky .OSIRIS is a brutal ransomware and a new, revised version of Locky Ransomware. It uses the most common intrusion method: macro-enabled spam mail attachments. It encrypts most of the files on the attacked PC. Locky .OSIRIS ransomware can cause massive damage to files and destroys shadow volume copies so that the victim may not be able to recover them. Victims are left with the option of paying the demanded amount as the decryption fee.
Cyber experts always recommend keeping a backup of all important files and never paying any ransom to such criminals, as there is no guarantee that they will give your files back. Instead, use a powerful removal tool to remove Locky .OSIRIS ransomware from the PC and try recovering files using a data recovery tool.
|Name|Locky .OSIRIS Ransomware|
|Description|Locky .OSIRIS Ransomware encrypts files, videos, images and texts stored on the target PC and demands a ransom from users to decode the files.|
|Occurrence|Spam mail attachments, exploit kits, malicious links and JavaScript code.|
|Possible Symptoms|The ransom note can be seen on the desktop and in other file directories, and files can no longer be accessed.|
|Detection Tool|Download the detection tool to confirm an attack of the Locky .OSIRIS Ransomware virus on your computer.|
Locky .OSIRIS Ransomware is distributed via email spam attachments, which might be in the form of a PDF file containing a malicious macro. The file may not be flagged as spam, so it might appear in your inbox named as an important document, such as a receipt or payment, with a “.docm” file inside that can be opened via Microsoft Word. Once the user opens the attachment, it displays some instructions that are actually fake:
This Document is protected!
1 Open the document in Microsoft Office. Previewing offline is not available for protected documents.
2 If this document was downloaded from your email, please click “Enable editing” from the yellow bar above.
3 Once you have enable editing please click on “Enable content” on the yellow bar above.
It then starts downloading the program and silently executes Locky .OSIRIS.
More about Locky .OSIRIS Ransomware
After getting installed, Locky .OSIRIS Ransomware may drop malicious payloads and create entries in the Windows registry. It also deletes the shadow volume copies of the files:
→ vssadmin delete shadows /all /quiet
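The shadow-copy deletion command above is a strong signal for defenders to watch for in process-creation logs. The following is an added example, not part of the original article: it flags that command regardless of case, quoting or spacing, and reports whether the process descends from Microsoft Word, matching the infection chain described earlier. The event fields, paths and the name dropped_payload.exe are assumptions made for illustration.

```python
# Constructed process-creation events (sample data, not real telemetry).
VSS = r"C:\Windows\System32\vssadmin.exe"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\user\Downloads\Receipt.docm"'},
    # "dropped_payload.exe" is a hypothetical name for the downloaded program.
    {"pid": 300, "ppid": 200, "image": r"C:\Users\user\AppData\Local\Temp\dropped_payload.exe",
     "cmd": "dropped_payload.exe"},
    {"pid": 400, "ppid": 300, "image": VSS, "cmd": "VSSADMIN.exe  Delete Shadows /All /Quiet"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"pid": 510, "ppid": 500, "image": VSS, "cmd": "vssadmin list shadows"},
    {"pid": 520, "ppid": 500, "image": VSS, "cmd": f'"{VSS}" delete shadows /all /quiet'},
]
REQUIRED_ARGS = {"delete", "shadows", "/all", "/quiet"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def is_shadow_delete(event):
    """True when vssadmin is asked to silently delete every shadow copy."""
    # Normalise case, quoting and repeated whitespace before matching.
    tokens = set(event["cmd"].lower().replace('"', " ").split())
    return basename(event["image"]) == "vssadmin.exe" and REQUIRED_ARGS <= tokens

def ancestor_images(event, by_pid):
    """Image names of the parent chain, nearest parent first."""
    names, seen, ppid = [], {event["pid"]}, event["ppid"]
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against loops
        seen.add(ppid)
        names.append(basename(by_pid[ppid]["image"]))
        ppid = by_pid[ppid]["ppid"]
    return names

def detect(events):
    # PIDs are reused on a live system; real telemetry should key on a
    # unique process identifier rather than the bare PID used here.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if is_shadow_delete(e):
            chain = ancestor_images(e, by_pid)
            alerts.append({"pid": e["pid"], "chain": chain,
                           "from_office": "winword.exe" in chain})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

An alert with from_office set deserves the highest priority, since a backup or administration job has no reason to run beneath a Word process.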
Locky .OSIRIS Ransomware uses the AES-256 encryption algorithm to encrypt files such as documents, PDFs, photos, music, videos, databases, etc. After encrypting the files, the ransomware changes the desktop wallpaper to a ransom note.
Along with that, Locky .OSIRIS Ransomware also leaves a ransom note detailing how to contact the attackers and decrypt the files.
List of file extensions encrypted
→ .3dm, .3ds, .3g2, .3gp, .7z, .accdb, .aes, .ai, .aif, .apk, .app, .arc, .asc, .asf, .asm, .asp, .aspx, .asx, .avi, .bmp, .brd, .bz2, .c, .cer, .cfg, .cfm, .cgi, .cgm, .class, .cmd, .cpp, .crt, .cs, .csr, .css, .csv, .cue, .db, .dbf, .dch, .dcu, .dds, .dif, .dip, .djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dtd, .dwg, .dxf, .eml, .eps, .fdb, .fla, .flv, .frm, .gadget, .gbk, .gbr, .ged, .gif, .gpg, .gpx, .gz, .h, .htm, .html, .hwp, .ibd, .ibooks, .iff, .indd, .jar, .java, .jks, .jpg, .js, .jsp, .key, .kml, .kmz, .lay, .lay6, .ldf, .lua, .m, .m3u, .m4a, .m4v, .max, .mdb, .mdf, .mfd, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpa, .mpg, .ms11, .msi, .myd, .myi, .nef, .note, .obj, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .pages, .paq, .pas, .pct, .pdb, .pdf, .pem, .php, .pif, .pl, .plugin, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .priv, .privat, .ps, .psd, .pspimage, .py, .qcow2, .ra, .rar, .raw, .rm, .rss, .rtf, .sch, .sdf, .sh, .sitx, .sldx, .slk, .sln, .sql, .sqlite, .sqlite, .srt, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tex, .tga, .tgz, .thm, .tif, .tiff, .tlb, .tmp, .txt, .uop, .uot, .vb, .vbs, .vcf, .vcxpro, .vdi, .vmdk, .vmx, .vob, .wav, .wks, .wma, .wmv, .wpd, .wps, .wsf, .xcodeproj, .xhtml, .xlc, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .yuv, .zip, .zipx, .dat