## Osiris Ransomware

The war between wetware and hardware.
ed
Posts: 33069
Joined: Tue Jun 08, 2004 11:52 pm
Title: Rhino of the Florida swamp
Has thanked: 441 times
Been thanked: 754 times

### Osiris Ransomware

Got it

oh, fuck
When I hear the word culture, I take the safety off my Browning!

Grammatron
Posts: 33470
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA
Been thanked: 1720 times

### Re: Osiris Ransomware

Easy.

Reformat and restore from backups.

Anaxagoras
Posts: 21506
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan
Has thanked: 1394 times
Been thanked: 1188 times

### Re: Osiris Ransomware

How did you get it?
A fool thinks himself to be wise, but a wise man knows himself to be a fool.
William Shakespeare

gnome
Posts: 22087
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 362 times
Been thanked: 394 times

### Re: Osiris Ransomware

Malwarebytes claims to be able to remove the malicious software, but will not decrypt your affected personal files.

https://malwaretips.com/blogs/remove-osiris-virus/

The only solution is preventative, I'm sorry to say--having a backup of the files it would try to get at.

I use a software called CrashPlan, costs about $5 a month, and I can back up and encrypt massive amounts of my data with a key that they don't have access to. It may not be 100% secure but it's probably as good as I need.
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

gnome
Posts: 22087
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 362 times
Been thanked: 394 times

### Re: Osiris Ransomware

Also FWIW-- reporting the attack.

https://www.ic3.gov/media/2016/160915.aspx

Doctor X
Posts: 67556
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Location: Your Mom
Has thanked: 3394 times
Been thanked: 2157 times

### Re: Osiris Ransomware

I am sorry, I thought this was Relevant to My Interests. . . .

--J.D.

P.S. One should have two sets of back-ups which cheap programs, yes, even for PCs, can allow encrypted back-ups. Have one done every week and one done every day.

I cannot stress how useful that is enough. Not just "wee beasties" or even ransomware: avoiding fuck-ups. Just yesterday, out of the blue, javascript would not work on SC, and only SC, on Firefox. Safari? No problem. So I alert Pyrrho but I also notice no one else is complaining since you all suck the dick of Google Chrome. So I spend/waste an hour checking things. So I boot from my clone made twelve hours before. No problem. 15 minutes later problem is solved as the clone reclones my internal hard drive.

I also tend to back up "harder data" on a separate HD which I also back up. Music, photos, documents, Pictures of Your Moms, all of that.

2 TB external HD <$100
Cloning program $0-$30ish

I do not trust "offline" monthly fee crap.

Finally, I am sure for PCs there are programs that allow separate encryption of files. When you think about it, ransomware is sort of a global program that does that without your permission . . . which you cannot do ON A MAC. This stuff is designed for people with laptops who are, like, traveling and are reporters and, basically, someone demands you boot your laptop and demands your data--not just steals your laptop. You have basically created areas that cannot be found unless you know where to find them.

In such files go your tax documents, other financials, That Trump Sex Tape with Lena Dunham. This keeps them all away from prying eyes as well as, you guessed it, Wee Beasties since the damn thing cannot access the files.

And, yes, cloning programs can clone all of that as well.

--J.D.
Mob of the Mean: Free beanie, cattle-prod and Charley Fan Club!
"Doctor X is just treating you the way he treats everyone--as subhuman crap too dumb to breathe in after you breathe out."--Don
DocX: FTW.--sparks
"Doctor X wins again."--Pyrrho
"Never sorry to make a racist Fucktard cry."--His Humble MagNIfIcence
"It was the criticisms of Doc X, actually, that let me see more clearly how far the hypocrisy had gone."--clarsct
"I'd leave it up to Doctor X who has been a benevolent tyrant so far."--Grammatron
"Indeed you are a river to your people.
Shit. That's going to end up in your sig."--Pyrrho
"Try a twelve step program and accept Doctor X as your High Power."--asthmatic camel
"just like Doc X said." --gnome

WS CHAMPIONS X3!!! NBA CHAMPIONS!! Stanley Cup! SB CHAMPIONS X5!!!!!
AL Champions!!!

Pyrrho
Posts: 25882
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2714 times
Been thanked: 2767 times

### Re: Osiris Ransomware

What Doctor X said. Also disconnect your backup drive from your system after the backup is complete. I use an external 2TB drive which I only plug in when I want to run a backup.

Which I need to do tonight.

Anyway, you may be able to use the Kaspersky utility to decrypt your files after you've cleaned out the ransomware itself.

https://www.bugsfighter.com/remove-osir ... ris-files/

There are some other decryption utilities out there as well:

Kaspersky, TrendMicro, Avast, and others have free utilities and instructions.

On Winders, I have an Administrator account with all the awesome powers and a standard account without awesome powers. I can only install software if I log on to the Administrator account.

A lot of malware is installed via phony "updates". Caveat clicky.

My work laptop is configured such that if it is lost or stolen, IT can "brick" it remotely. Might be good for parts but that's about it.
The flash of light you saw in the sky was not a UFO. Swamp gas from a weather balloon was trapped in a thermal pocket and reflected the light from Venus.

Doctor X
Posts: 67556
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Has thanked: 3394 times
Been thanked: 2157 times

### Re: Osiris Ransomware

Indeed, my Ex-HD are "offline" by nature--not connected to the computer.

Your first link promises some hope that gnome's does not--that Kaspersky has an option if you have a copy of a file "somewhere" that is not affected its programs can use to figure out the encryption.

--J.D.

Abdul Alhazred
Posts: 70854
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3182 times
Been thanked: 1182 times

### Re: Osiris Ransomware

Just curious. How does the malefactor get paid?

Bitcoin?
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

Witness
Posts: 16499
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 2002 times
Been thanked: 2732 times

### Re: Osiris Ransomware

> Anaxagoras wrote: How did you get it?

ed lives dangerously…

Pyrrho
Posts: 25882
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2714 times
Been thanked: 2767 times

### Re: Osiris Ransomware

> Abdul Alhazred wrote: Just curious. How does the malefactor get paid?
>
> Bitcoin?

That's the usual demand.

ed
Posts: 33069
Joined: Tue Jun 08, 2004 11:52 pm
Title: Rhino of the Florida swamp
Has thanked: 441 times
Been thanked: 754 times

### Re: Osiris Ransomware

<sigh>iles.

I got an email. From FedEx. We do a fair amount of business with FX so getting an email is no biggie. Subject was "undeliverable package" or words to that effect. New one on me but FX changes things every now and then, so no biggie. Seems that the return label was an attachment. Boy, I had problems figuring that one out, couldn't open it. My wife wanted to get a copy of the thing since she handles client service and returns and stuff like that. I nicely sent her a copy.

Shortly thereafter I noted that many many dropbox files were being updated. My my wife was busy. Yes indeed. Then I looked into my drop box. Holy shit. 7000 files with the Osiris extension. That and one HTML file per folder that told you how to log into some web address using the Tor browser. They made no bones about it, it was extortion pure and simple.

I energetically told my wife to pull the plug on her machine. Long story short the fucking thing started with her local dropbox which then dutifully corrupted the cloud copies then dutifully updated the stuff on my machine. 100% of our business files.

<sigh> That was 1:30 EST. See, I figured that with dropbox I had backups. And they have copies of deleted files. NOT. For some reason the deleted files weren't there. However, my laptop, which has dropbox, died last night. Soooooooo all of the business stuff and my personal stuff is back... wife's machine is a mess though I think that it is mostly photos (!). Also Quickbooks appears to be corrupted. Probably other stuff.

I will read thru the good advice and undoubted mockery in the above posts later or tomorrow. Thanks for all the info.

I do think that I would shoot the perpetrator.
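
A tripwire for the pattern ed describes above (a synced folder where most files suddenly carry one new extension and every folder holds the same HTML note), as an added example that is not part of the original post. The allowlist, thresholds and note file name are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".qbw"}  # assumed allowlist
NOTE_NAME = "RANSOM-NOTE-PLACEHOLDER.html"               # constructed name

def scan(root, known=KNOWN_EXTS):
    """Share of files carrying one unknown extension, and share of folders
    holding the same-named HTML file (the per-folder ransom note)."""
    exts, notes, total, folders = Counter(), Counter(), 0, 0
    for _path, _subdirs, files in os.walk(root):
        if not files:
            continue
        folders += 1
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in (".html", ".htm"):
                notes[name.lower()] += 1
                continue
            total += 1
            if ext not in known:
                exts[ext] += 1
    ext, hits = exts.most_common(1)[0] if exts else ("", 0)
    note, spread = notes.most_common(1)[0] if notes else ("", 0)
    return {"ext": ext, "ext_share": hits / total if total else 0.0,
            "note": note, "note_share": spread / folders if folders else 0.0}

def should_pause_sync(report, ext_limit=0.5, note_limit=0.8):
    # Both signals together: a mass rename alone could be a legitimate batch job.
    return report["ext_share"] >= ext_limit and report["note_share"] >= note_limit

def build_demo_tree(root, encrypted):
    # Constructed sample: 3 folders x 4 empty files, names are made up.
    for folder in ("clients", "invoices", "photos"):
        os.makedirs(os.path.join(root, folder))
        for i in range(4):
            ext = ".osiris" if encrypted else ".pdf"
            open(os.path.join(root, folder, f"file{i}{ext}"), "w").close()
        if encrypted:
            open(os.path.join(root, folder, NOTE_NAME), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp, encrypted=True)
        report = scan(tmp)
        print(report, "pause sync:", should_pause_sync(report))
```

Run on a schedule against the local sync folder, a positive result is the cue to stop the sync client before the changes reach other machines.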

Witness
Posts: 16499
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 2002 times
Been thanked: 2732 times

### Re: Osiris Ransomware

↑ We commiserate with you, ed, rest assured.

But as this is one of the rare places where you can laugh at everything…

ed
Posts: 33069
Joined: Tue Jun 08, 2004 11:52 pm
Title: Rhino of the Florida swamp
Has thanked: 441 times
Been thanked: 754 times

### Re: Osiris Ransomware

It is sorta funny.

I see Doc X standing above the fray explaining how you should have backups of everything.

Jesus, with dropbox I didn't think that I needed backups.

Grammatron
Posts: 33470
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA
Been thanked: 1720 times

### Re: Osiris Ransomware

If your wife was in the kitchen making you a sandwich none of this would happen

Doctor X
Posts: 67556
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Has thanked: 3394 times
Been thanked: 2157 times

### Re: Osiris Ransomware

> Pyrrho wrote: Anyway, you may be able to use the Kaspersky utility to decrypt your files after you've cleaned out the ransomware itself.
>
> https://www.bugsfighter.com/remove-osir ... ris-files/

Seems like a place to start and start NOW.

--J.D.

Pyrrho
Posts: 25882
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2714 times
Been thanked: 2767 times

### Re: Osiris Ransomware

Kaspersky has some other utilities

https://noransom.kaspersky.com/

Someone has a list of several others but I can't find it now. You might find expert advice on one of the antivirus companies' forums.

The FedEx email attack is very common. The criminals make these things look very legitimate.

You are the victim of a crime.

Doctor X
Posts: 67556
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Has thanked: 3394 times
Been thanked: 2157 times

### Re: Osiris Ransomware

Though I will say this since one of my "catcher" accounts gets these.

The header tells a story, even if forged. You cannot forge it all.

Why is FedEx trying to contact you from outside of the US or from a server that has nothing to do with FedEx or from an address that is not fucking FedEx?!!

Businesses also do not send compressed files.

I know, I know, it is pissing on a grave, but graves exist to remind us all that we are not special.

--J.D.
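
The header checks Doctor X describes above, sketched as an added example that is not from the thread: it compares the From domain with the envelope sender, the receiving server's SPF/DKIM verdicts and the relay that handed the message over, and flags archive or script attachments. The sample message, host names and extension list are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

RISKY_EXT = (".zip", ".rar", ".7z", ".js", ".wsf", ".exe")  # assumed list
# Constructed sample: reserved .invalid/.example names and a documentation IP.
SAMPLE = """\
Return-Path: <billing@mail.example-host.invalid>
Received: from unknown (HELO mail.example-host.invalid) (203.0.113.45) by mx.victim.example
Authentication-Results: mx.victim.example; spf=fail; dkim=none
From: "FedEx Ground" <tracking@fedex.com>
Subject: Undeliverable package
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your return label is attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Label_0042.zip"

(constructed placeholder, not a real archive)
--b1--
"""

def domain_of(header_value):
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append(f"envelope sender {env_dom!r} is not under {from_dom!r}")
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"{mech} result: {m.group(1) if m else 'missing'}")
    # Topmost Received is written by our own MX, so the sender cannot forge it.
    relays = msg.get_all("Received") or []
    if relays and from_dom not in str(relays[0]).lower():
        findings.append("handing-off relay is unrelated to the From domain")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment: {part.get_filename()}")
    return findings
```

The relay comparison is a heuristic: legitimate senders that use third-party mail services will trip it, so treat a single finding as a prompt to look closer and several together as grounds to quarantine.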

Anaxagoras
Posts: 21506
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan
Has thanked: 1394 times
Been thanked: 1188 times

### Re: Osiris Ransomware

That really sucks Ed.

Maybe this situation calls for hiring a professional?

gnome
Posts: 22087
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 362 times
Been thanked: 394 times

### Re: Osiris Ransomware

Was the attachment an executable? I'm trying to find out from your experience what the actual trigger event was. Help me look out for that sort of thing myself.