Ransomware Report


Title: Osiris ransomware
Registration date: 2023-07-06


[Virus/Malware Activity Report: Osiris Ransomware]

A breach believed to involve Osiris ransomware has occurred. We describe the
situation below and issue the following warning.

Osiris ransomware

The ransomware in question is called Osiris, and it appears to rename all files to < random ID (8 digits)--random ID (4 digits)--random ID (4 digits)--random ID (8 digits)--random ID (12 digits).osiris >.

How it works

file version


[Figure 1 Ransomware compiler information]


[Figure 2 File information in window properties]

Ransomware operation characteristics

  • Uses the Windows built-in encryption function

    Encryption is performed using the BCrypt function supported by Windows.


    [Figure 3 BCryptEncrypt API use during dynamic execution]

  • Change desktop ransom image

    An image is created in the User/user account folder and set as the desktop background.


    [Figure 4 Image created in user account folder]


    [Figure 5 Registry changes during dynamic execution]

Infection results

The information file DesktopOSIRIS.htm is created in each path. As encryption proceeds, files are renamed to < random ID (8 digits)--random ID (4 digits)--random ID (4 digits)--random ID (8 digits)--random ID (12 digits).osiris >, and the desktop is changed when encryption is complete.


[Figure 6 Infection results]
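
The indicators described above (the renamed-file layout and the DesktopOSIRIS.htm note) can be checked against a file listing during triage. The following Python is an added example, not part of the original report or of White Defender; the function names are hypothetical, the sample listing is constructed, and it assumes the random ID characters are ASCII letters or digits.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Name layout as the report states it: groups of 8, 4, 4, 8 and 12 characters
# joined by "--", with the extension .osiris.
# Assumption: the "random ID" characters are ASCII letters or digits.
RENAMED = re.compile(
    r"^[0-9A-Za-z]{8}--[0-9A-Za-z]{4}--[0-9A-Za-z]{4}--"
    r"[0-9A-Za-z]{8}--[0-9A-Za-z]{12}\.osiris$",
    re.IGNORECASE,
)
NOTE_NAME = "desktoposiris.htm"  # ransom note name from the report


def triage(paths):
    """Group a file listing by directory and count Osiris indicators."""
    dirs = defaultdict(lambda: {"renamed": 0, "note": False, "other_osiris": 0})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        entry = dirs[str(p.parent)]
        name = p.name.lower()
        if name == NOTE_NAME:
            entry["note"] = True
        elif RENAMED.match(p.name):
            entry["renamed"] += 1
        elif name.endswith(".osiris"):
            # Extension matches but the name layout does not: review by hand.
            entry["other_osiris"] += 1
    return {d: e for d, e in dirs.items()
            if e["note"] or e["renamed"] or e["other_osiris"]}


def confirmed(report):
    """Directories showing both the note and at least one renamed file."""
    return sorted(d for d, e in report.items() if e["note"] and e["renamed"])


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\A1B2C3D4--E5F6--0718--293A4B5C--6D7E8F901234.osiris",
    r"C:\Users\alice\Documents\0F1E2D3C--4B5A--6978--8796A5B4--C3D2E1F00112.osiris",
    r"C:\Users\alice\Documents\DesktopOSIRIS.htm",
    r"C:\Users\alice\Pictures\notes.osiris",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"D:\Share\DesktopOSIRIS.htm",
]
```

Directories returned by `confirmed()` carry both indicators and are the strongest candidates for the encrypted scope; a note without renamed files, or a `.osiris` file with a different name layout, is left for manual review.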

White Defender compatible

White Defender blocks the ransomware's malicious actions and also supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 10 Block message]

Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong | Business registration number: 220-81-67981
Copyright ⓒ Everyzone, Inc. All Rights Reserved.