New Locky .OSIRIS Ransomware Infections (Update April 2017) - How to, Technology and PC Security Forum | SensorsTechForum.com
New Locky .OSIRIS Ransomware Infections (Update April 2017)

This article describes the Locky .OSIRIS ransomware and shows how to remove the .OSIRIS Locky virus and restore encrypted files.

Security researchers have reported a rise in the infection rate of the Locky .OSIRIS ransomware virus. The virus has begun to spread again through the same massive spam e-mail campaigns, which carry documents with malicious macros inside them. If the operators spreading Locky .OSIRIS ransomware are back at full capacity, infections are expected to rise even further.

The Infection Method of Locky Ransomware

For the infection, this new spam wave of Locky uses a pre-set list of sender e-mail addresses which are not flagged as spam. These sender addresses deliver a fake receipt in the form of an Adobe .PDF file with a name similar to “P23123.pdf”. The subject of the e-mail uses the word “Reciept”, making it look like confirmation of a payment that the user never made. In addition, convincing statements may be made in the e-mail body to further pressure the user into opening the infected file.

Whatever the lure, once this .PDF document is opened, it turns out to contain an embedded document with the .docm file extension, which is opened with Microsoft Word. This embedded document can only be reached by opening the .PDF file first. As soon as the Word file is opened, it displays a fake notice with the following content:

This Document is protected!
1 Open the document in Microsoft Office. Previewing offline is not available for protected documents.
2 If this document was downloaded from your email, please click “Enable editing” from the yellow bar above.
3 Once you have enable editing please click on “Enable content” on the yellow bar above.

As soon as the user clicks the “Enable content” button, the macro runs and infection with .OSIRIS Locky becomes inevitable.

Similar to other Locky variants, the virus’s first action is to delete the shadow volume copies from the infected computer by executing the following vssadmin command:

    vssadmin delete shadows /all /quiet

For its network connection, this Locky .OSIRIS iteration contacts the hosts 188.120.239.230 and 80.85.158.212, to which it connects and sends information.
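As an added detection example (not code from the article or from SensorsTechForum), the following Python script checks the three behaviours described above, the vssadmin shadow-copy deletion, connections to the two listed hosts, and files written with the .OSIRIS extension, against constructed Sysmon-style log lines; the log format, file names and the benign events are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Indicators taken from the article: the shadow-copy deletion command,
# the two hosts the sample connects to, and the extension of encrypted files.
SHADOW_DELETE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE)
C2_HOSTS = {"188.120.239.230", "80.85.158.212"}
ENCRYPTED_EXT = ".osiris"

# Constructed sample events in a simplified Sysmon-like key="value" layout
# (EventID 1 = process creation, 3 = network connection, 11 = file create).
SAMPLE_LOG = [
    'EventID="1" Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin delete shadows /all /quiet" ParentImage="C:\\Program Files\\Microsoft Office\\WINWORD.EXE"',
    'EventID="3" Image="C:\\Users\\u\\AppData\\Local\\Temp\\a.exe" DestinationIp="188.120.239.230" DestinationPort="80"',
    'EventID="11" Image="C:\\Users\\u\\AppData\\Local\\Temp\\a.exe" TargetFilename="C:\\Users\\u\\Documents\\report.docx.osiris"',
    'EventID="1" Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin list shadows"',
    'EventID="3" Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationIp="198.51.100.7" DestinationPort="443"',
]

@dataclass
class Alert:
    line_no: int
    rule: str
    detail: str

def parse_event(line):
    """Turn one key="value" log line into a dict (hypothetical format)."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))

def scan_events(lines):
    """Return one Alert per event matching a Locky .OSIRIS behaviour."""
    alerts = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1" and SHADOW_DELETE.search(ev.get("CommandLine", "")):
            parent = ev.get("ParentImage", "unknown parent")
            alerts.append(Alert(n, "shadow_copy_deletion", f"{ev['CommandLine']} (parent: {parent})"))
        elif eid == "3" and ev.get("DestinationIp") in C2_HOSTS:
            alerts.append(Alert(n, "locky_c2_connection", ev["DestinationIp"]))
        elif eid == "11" and ev.get("TargetFilename", "").lower().endswith(ENCRYPTED_EXT):
            alerts.append(Alert(n, "osiris_file_created", ev["TargetFilename"]))
    return alerts

if __name__ == "__main__":
    for a in scan_events(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.rule}: {a.detail}")
```

The benign "vssadmin list shadows" and the browser connection are included so the rules can be seen to stay quiet on ordinary activity.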

How to Remove Locky and Recover .OSIRIS Files

The bad news is that, at this point, there is no known method of decrypting files that have been encrypted by the Locky ransomware infection, since the encryption used by .OSIRIS is very strong. However, there are several methods you can try to get back at least a portion of the files that now carry the .OSIRIS extension. For more information on how to remove Locky .OSIRIS and protect your computer in the future, please see the removal instructions below. For an alternative data recovery method, see step “2. Restore files encrypted by Locky .OSIRIS”.
