Osiris Ransomware

The war between wetware and hardware.
ed
Posts: 30993
Joined: Tue Jun 08, 2004 11:52 pm
Title: Rhino of the Florida swamps
Has thanked: 361 times
Been thanked: 598 times

Postby ed » Thu Jan 12, 2017 9:25 pm

Got it

Advice

oh, fuck
- new minimalist ethos -

Grammatron
Posts: 31485
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA
Been thanked: 1287 times

Re: Osiris Ransomware

Postby Grammatron » Thu Jan 12, 2017 9:30 pm

Easy.

Reformat and restore from backups.
pillory wrote:jokes aren't funny....seriously thinking......

seriously thinking might be funny....but it's not joke

Anaxagoras
Posts: 19396
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan
Has thanked: 1145 times
Been thanked: 897 times

Re: Osiris Ransomware

Postby Anaxagoras » Thu Jan 12, 2017 10:35 pm

How did you get it?
A fool thinks himself to be wise, but a wise man knows himself to be a fool.
William Shakespeare

gnome
Posts: 20814
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 278 times
Been thanked: 273 times

Re: Osiris Ransomware

Postby gnome » Thu Jan 12, 2017 10:53 pm

Malwarebytes claims to be able to remove the malicious software, but will not decrypt your affected personal files.

https://malwaretips.com/blogs/remove-osiris-virus/

The only solution is preventative, I'm sorry to say--having a backup of the files it would try to get at.

I use a software called CrashPlan, costs about $5 a month, and I can back up and encrypt massive amounts of my data with a key that they don't have access to. It may not be 100% secure but it's probably as good as I need.
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

Re: Osiris Ransomware

Postby gnome » Thu Jan 12, 2017 10:59 pm

Also FWIW-- reporting the attack.

https://www.ic3.gov/media/2016/160915.aspx

Doctor X
Posts: 64602
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Location: Your Mom
Has thanked: 2800 times
Been thanked: 1762 times

Re: Osiris Ransomware

Postby Doctor X » Fri Jan 13, 2017 12:05 am

I am sorry, I thought this was Relevant to My Interests. . . .

--J.D.

P.S. One should have two sets of back-ups which cheap programs, yes, even for PCs, can allow encrypted back-ups. Have one done every week and one done every day. I cannot stress how useful that is enough. Not just "wee beasties" or even ransomware: avoiding fuck-ups.

Just yesterday, out of the blue, javascript would not work on SC, and only SC, on Firefox. Safari? No problem. So I alert Pyrrho but I also notice no one else is complaining since you all suck the dick of Google Chrome.

So I spend/waste an hour checking things.

So I boot from my clone made twelve hours before.

No problem.

15 minutes later problem is solved as the clone reclones my internal hard drive.

I also tend to back up "harder data" on a separate HD which I also back up. Music, photos, documents, Pictures of Your Moms, all of that.

2 TB external HD < $100
Cloning program $0-$30ish

I do not trust "offline" monthly fee crap.

Finally, I am sure for PCs there are programs that allow separate encryption of files. When you think about it, ransomware is sort of a global program that does that without your permission . . . which you cannot do ON A MAC. This stuff is designed for people with laptops who are, like, traveling and are reporters and, basically, someone demands you boot your laptop and demands your data--not just steals your laptop. You have basically created areas that cannot be found unless you know where to find them.

In such files go your tax documents, other financials, That Trump Sex Tape with Lena Dunham. This keeps them all away from prying eyes as well as, you guessed it, Wee Beasties since the damn thing cannot access the files.

And, yes, cloning programs can clone all of that as well.

--J.D.
Mob of the Mean: Free beanie, cattle-prod and Charley Fan Club!
"Doctor X is just treating you the way he treats everyone--as subhuman crap too dumb to breathe in after you breathe out."--Don
DocX: FTW.--sparks
"Doctor X wins again."--Pyrrho
"It was the criticisms of Doc X, actually, that let me see more clearly how far the hypocrisy had gone."--clarsct
"I'd leave it up to Doctor X who has been a benevolent tyrant so far."--Grammatron
"Indeed you are a river to your people.

Shit. That's going to end up in your sig."--Pyrrho

WS CHAMPIONS X3!!! NBA CHAMPIONS!! Stanley Cup! SB CHAMPIONS X5!!!!!

Pyrrho
Posts: 23950
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2386 times
Been thanked: 2267 times

Re: Osiris Ransomware

Postby Pyrrho » Fri Jan 13, 2017 12:11 am

What Doctor X said. Also disconnect your backup drive from your system after the backup is complete. I use an external 2TB drive which I only plug in when I want to run a backup.

Which I need to do tonight.

Anyway, you may be able to use the Kaspersky utility to decrypt your files after you've cleaned out the ransomware itself.

https://www.bugsfighter.com/remove-osir ... ris-files/

There are some other decryption utilities out there as well:

https://www.google.com/search?q=ransomw ... utc=sp-006

Kaspersky, TrendMicro, Avast, and others have free utilities and instructions.

On Winders, I have an Administrator account with all the awesome powers and a standard account without awesome powers. I can only install software if I log on to the Administrator account.

A lot of malware is installed via phony "updates". Caveat clicky.

My work laptop is configured such that if it is lost or stolen, IT can "brick" it remotely. Might be good for parts but that's about it.
The flash of light you saw in the sky was not a UFO. Swamp gas from a weather balloon was trapped in a thermal pocket and reflected the light from Venus.

Re: Osiris Ransomware

Postby Doctor X » Fri Jan 13, 2017 12:19 am

Indeed, my Ex-HD are "offline" by nature--not connected to the computer.

Your first link promises some hope :hyper: that gnome's does not :( --that Kaspersky has an option if you have a copy of a file "somewhere" that is not affected its programs can use to figure out the encryption.

--J.D.

Abdul Alhazred
Posts: 66394
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 2041 times
Been thanked: 870 times

Re: Osiris Ransomware

Postby Abdul Alhazred » Fri Jan 13, 2017 12:35 am

Just curious. How does the malefactor get paid?

Bitcoin?
"If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

Witness
Posts: 12674
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 1352 times
Been thanked: 1887 times

Re: Osiris Ransomware

Postby Witness » Fri Jan 13, 2017 1:13 am

Anaxagoras wrote: How did you get it?

ed lives dangerously… :mrgreen:

Re: Osiris Ransomware

Postby Pyrrho » Fri Jan 13, 2017 1:35 am

Abdul Alhazred wrote: Just curious. How does the malefactor get paid?

Bitcoin?

That's the usual demand.

Re: Osiris Ransomware

Postby ed » Fri Jan 13, 2017 1:45 am

<sigh>iles.

I got an email. From FedEx. We do a fair amount of business with FX so getting an email is no biggie. Subject was "undeliverable package" or words to that effect. New one on me but FX changes things every now and then, so no biggie. Seems that the return label was an attachment. Boy, I had problems figuring that one out, couldn't open it. My wife wanted to get a copy of the thing since she handles client service and returns and stuff like that. I nicely sent her a copy.

Shortly thereafter I noted that many many Dropbox files were being updated. My my wife was busy. Yes indeed. Then I looked into my Dropbox. Holy shit. 7000 files with the Osiris extension. That and one HTML file per folder that told you how to log into some web address using the Tor browser. They made no bones about it, it was extortion pure and simple.

I energetically told my wife to pull the plug on her machine. Long story short, the fucking thing started with her local Dropbox which then dutifully corrupted the cloud copies then dutifully updated the stuff on my machine. 100% of our business files.

<sigh> That was 1:30 EST. See, I figured that with Dropbox I had backups. And they have copies of deleted files. NOT. For some reason the deleted files weren't there. However, my laptop, which has Dropbox, died last night. Soooooooo all of the business stuff and my personal stuff is back... wife's machine is a mess though I think that it is mostly photos (!). Also QuickBooks appears to be corrupted. Probably other stuff.

I will read thru the good advice and undoubted mockery in the above posts later or tomorrow. Thanks for all the info.

I do think that I would shoot the perpetrator.
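Added example, not part of ed's post: a Python routine for scoping the damage he describes (files carrying the Osiris extension, one HTML note per folder) before restoring anything. It reports affected folders and the time window of the encrypted files, which any backup or clone used for recovery has to predate. The file names, the sample tree and the rule "any HTML file beside encrypted files is a note" are assumptions, as is the premise that the encrypted files' modification times reflect when they were written.

```python
import os
import tempfile
from pathlib import Path

ENC_EXT = ".osiris"           # extension reported in the post
NOTE_EXT = (".htm", ".html")  # assumption: any HTML file beside encrypted files is a note

def scope(root):
    """Per-folder damage summary plus the modification-time window of the
    encrypted files, which bounds the point in time to restore back to."""
    report, times = {}, []
    for dirpath, _dirs, files in os.walk(root):
        enc = [f for f in files if f.lower().endswith(ENC_EXT)]
        if not enc:
            continue  # folder not touched
        notes = sorted(f for f in files if f.lower().endswith(NOTE_EXT))
        times += [os.path.getmtime(os.path.join(dirpath, f)) for f in enc]
        report[os.path.relpath(dirpath, root)] = {
            "encrypted": len(enc),
            "notes": notes,
            "intact": len(files) - len(enc) - len(notes),
        }
    window = (min(times), max(times)) if times else None
    return report, window

def build_sample(root):
    """Constructed tree standing in for a synced folder after the incident."""
    layout = {"clients/x1.osiris": 1000, "clients/x2.osiris": 2000,
              "clients/readme.html": 2000, "clients/keep.txt": 500,
              "photos/p.jpg": 500}  # path -> mtime (epoch seconds)
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scope(tmp))
```

Run it against a copy or a read-only mount of the synced folder so the scan itself does not trigger another round of sync activity.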

Re: Osiris Ransomware

Postby Witness » Fri Jan 13, 2017 2:20 am

↑ We commiserate with you, ed, rest assured. :(

But as this is one of the rare places where you can laugh at everything… :mrgreen:

Re: Osiris Ransomware

Postby ed » Fri Jan 13, 2017 2:24 am

It is sorta funny.


I see Doc X standing above the fray explaining how you should have backups of everything.

Jesus, with Dropbox I didn't think that I needed backups.

Re: Osiris Ransomware

Postby Grammatron » Fri Jan 13, 2017 4:03 am

If your wife was in the kitchen making you a sandwich none of this would happen

Re: Osiris Ransomware

Postby Doctor X » Fri Jan 13, 2017 5:07 am

Pyrrho wrote: Anyway, you may be able to use the Kaspersky utility to decrypt your files after you've cleaned out the ransomware itself.

https://www.bugsfighter.com/remove-osir ... ris-files/


Seems like a place to start and start NOW.

--J.D.

Re: Osiris Ransomware

Postby Pyrrho » Fri Jan 13, 2017 7:47 am

Kaspersky has some other utilities

https://noransom.kaspersky.com/

Someone has a list of several others but I can't find it now. You might find expert advice on one of the antivirus companies' forums.

The FedEx email attack is very common. The criminals make these things look very legitimate.

You are the victim of a crime.

Re: Osiris Ransomware

Postby Doctor X » Fri Jan 13, 2017 8:26 am

Though I will say this since one of my "catcher" accounts gets these.

The header tells a story, even if forged. You cannot forge it all.

Why is FedEx trying to contact you from outside of the US or from a server that has nothing to do with FedEx or from an address that is not fucking FedEx?!!

Businesses also do not send compressed files.

I know, I know, it is pissing on a grave, but graves exist to remind us all that we are not special.

--J.D.
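Added example, not part of Doctor X's post: the checks he lists (an address that is not FedEx, a server that has nothing to do with FedEx, a compressed attachment) written as Python and run over a constructed message. `BRAND_DOMAINS`, the finding labels, the sample message and the Postfix-style `Received` layout are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "fedex"                # brand named in the From display text
BRAND_DOMAINS = {"fedex.com"}  # assumption: domains you accept for that brand
COMPRESSED = (".zip", ".rar", ".7z", ".gz", ".cab")

# Constructed sample message (reserved documentation domains and addresses).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.victim.example with ESMTP; Thu, 12 Jan 2017 13:20:11 -0500
Return-Path: <bounce@example.net>
From: "FedEx Delivery" <tracking@example.org>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Label_0123.zip"

(placeholder body, not a real archive)
--b1--
"""

def in_brand(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def addr_domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    if BRAND not in parseaddr(msg.get("From", ""))[0].lower():
        return []  # message does not claim to be the brand
    findings = []
    if not in_brand(addr_domain(msg.get("From"))):
        findings.append("from-domain-mismatch")
    if not in_brand(addr_domain(msg.get("Return-Path"))):
        findings.append("return-path-mismatch")
    # Topmost Received line comes from your own server: the host and IP in
    # parentheses are what it observed, not what the sender claimed.
    top = (msg.get_all("Received") or [""])[0]
    m = re.search(r"from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)", top)
    if m and not in_brand(m.group(1).lower()):
        findings.append("relay-not-brand:" + m.group(1).lower())
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    findings += ["compressed-attachment:" + n for n in names if n.endswith(COMPRESSED)]
    return findings

print(triage(SAMPLE))
```

Each finding is a signal rather than a verdict, since legitimate senders also route mail through third-party services; several findings on one message claiming a known brand is the pattern worth quarantining.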

Re: Osiris Ransomware

Postby Anaxagoras » Fri Jan 13, 2017 9:13 am

That really sucks, Ed.

Maybe this situation calls for hiring a professional?

Re: Osiris Ransomware

Postby gnome » Fri Jan 13, 2017 11:35 am

Was the attachment an executable? I'm trying to find out from your experience what the actual trigger event was. Help me look out for that sort of thing myself.