.osiris Locky Gets Better at Avoiding Detection
No user wants to see the .osiris file extension appended to their files. Unfortunately, ransomware as sophisticated as Locky finds its way onto users’ computers quite easily, as its constantly increasing infection rates show. Furthermore, Locky’s code has been improved once again to avoid detection.

Not surprisingly, the ransomware is distributed via a spam campaign delivering blank emails, or emails containing a single line, as discovered by researchers. Usually these one-line emails urge users to open the attached files. The attachments have unusual extensions, such as .342, .343, .552, or .xls, .tdb, .zk. Here is an example of the latest spam campaign spreading the .osiris iteration of Locky:

From: “Marina”
Subject: Emailing: _0828817_36073220
Your message is ready to be sent with the following file or link attachments: _0828817_36073220
Attachment: _0828817_36073220.xls

Such attachments typically contain a Microsoft Word file that prompts the potential victim to enable macros. Once the macros are executed, the targeted computer becomes infected with Locky. As a result, all the victim’s files are encrypted, and a ransom note is displayed on the desktop. The note with the payment instructions is saved as a file named OSIRIS-([a-z0-9])\.htm, where the symbols within the brackets are randomized numbers and letters.
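The indicators above (the unusual attachment extensions, the .osiris suffix on encrypted files, and the OSIRIS-<random>.htm ransom note) are enough to build a small defender-side triage check. The following is an added example and not code from the original post or from any security vendor: it flags suspicious attachment names from a mail gateway list and walks a directory tree looking for the encryption and ransom-note traces. The sample attachment names and the temporary directory it builds are constructed for the demonstration; the extension list and note pattern come from the article, with the article's single-character class `([a-z0-9])` read as a run of one or more random characters, since the text says the bracketed part is randomized letters and digits.

```python
"""Triage checks for the Locky .osiris campaign indicators described above.

Added example, not from the original post. Sample data is constructed.
"""
import os
import re
import tempfile
from pathlib import Path

# Attachment extensions the spam campaign was seen using (from the article).
CAMPAIGN_ATTACHMENT_EXTENSIONS = {".342", ".343", ".552", ".xls", ".tdb", ".zk"}
# Macro-capable Office formats: the lure asks the victim to enable macros.
MACRO_CAPABLE_EXTENSIONS = {".doc", ".docm", ".xlsm"}

# Ransom note name from the article: OSIRIS-([a-z0-9])\.htm, with the
# bracketed part being randomized letters and digits (hence the '+').
RANSOM_NOTE_RE = re.compile(r"^OSIRIS-[a-z0-9]+\.htm$", re.IGNORECASE)
# Extension appended to encrypted files (from the article).
ENCRYPTED_SUFFIX = ".osiris"


def flag_attachments(names):
    """Return {attachment_name: reason} for attachments worth quarantining."""
    flagged = {}
    for name in names:
        ext = Path(name).suffix.lower()
        if ext in CAMPAIGN_ATTACHMENT_EXTENSIONS:
            flagged[name] = "extension seen in Locky .osiris spam campaign"
        elif ext in MACRO_CAPABLE_EXTENSIONS:
            flagged[name] = "macro-capable Office document"
    return flagged


def scan_tree(root):
    """Walk `root`; return (encrypted_files, ransom_notes) as sorted lists of
    POSIX-style paths relative to root."""
    encrypted, notes = [], []
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = Path(dirpath, fname).relative_to(root).as_posix()
            if fname.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
            elif RANSOM_NOTE_RE.match(fname):
                notes.append(rel)
    return sorted(encrypted), sorted(notes)


def build_sample_tree():
    """Create a temp directory mimicking an infected profile (constructed data)."""
    root = tempfile.mkdtemp(prefix="osiris_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    # An encrypted user file: original name with .osiris appended (constructed).
    Path(docs, "budget.xlsx.osiris").write_bytes(b"\x00" * 16)
    # An untouched file that must not be reported.
    Path(docs, "notes.txt").write_text("still readable")
    desktop = Path(root, "Desktop")
    desktop.mkdir()
    # Ransom note dropped on the desktop, random part constructed.
    Path(desktop, "OSIRIS-9f3a.htm").write_text("ransom note placeholder")
    return root


if __name__ == "__main__":
    # Constructed attachment names, including the one quoted in the article.
    inbox = ["_0828817_36073220.xls", "invoice.342", "photo.jpg", "report.docm"]
    for name, reason in flag_attachments(inbox).items():
        print(f"quarantine {name}: {reason}")
    sample_root = build_sample_tree()
    enc, notes = scan_tree(sample_root)
    print("encrypted files:", enc)
    print("ransom notes:", notes)
```

On a real host you would point `scan_tree` at user profile directories and feed `flag_attachments` from the mail gateway's attachment log; a single hit on a ransom note or an .osiris file is reason to isolate the machine and restore from backup rather than to touch the note's payment instructions.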
Why .osiris Locky Victims Shouldn’t Pay the Ransom
Victims of previous Locky campaigns have reported that paying the ransom to cybercriminals didn’t help them recover their files. Victims should neither pay the ransom nor attempt any communication with the cybercriminals. The more money the crooks receive, the more money they have to further develop their malicious, file-encrypting operations. Unfortunately, the continuous sophistication of Locky only proves that cybercriminals are getting better at what they do. For now, there is no decrypter to help victims of the crypto menace, and most likely there will never be. Locky uses a combination of RSA-2048 and AES-128 – two very strong encryption algorithms. Victims could still try restoring their files with data recovery software and should start backing up their data from now on. In the meantime, we all should pray that whoever is behind Locky will soon end up behind bars.
