Locky-Osiris is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2016, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family: Locky-Osiris
First Seen: December 1, 2016
How Locky-Osiris Ransomware Works
Targeted Files
Filenames -> DF383II5--4B71--81KI--FB05569B--F88EF362D29D.osiris
53a9fedfab0d20d64916f1a03620e2be255c5d8ec334370999f0dd03ca7a7624 -> vape param for dll
File Encryption Patterns
Locky-Osiris modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
.osiris
Ransom Note and Payment Demands
After encrypting files, Locky-Osiris displays ransom notes demanding payment for file recovery:
File: DesktopOSIRIS.htm
Ransom message: notes/DesktopOSIRIS.htm
Note locations: UserProfile

File: /^OSIRIS-[a-f0-9]{4}\.htm\b/
Ransom message: notes/OSIRIS-d004.htm
Note locations: EveryFolder

Screenshot
Ransom message: notes/DesktopOSIRIS.bmp
Note locations: Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Locky-Osiris ransomware:
This Locky-Osiris ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Locky-Osiris.