How to recover files encrypted by Osiris ransomware?

by Ugnius Kiguolis


Issue: How to recover files encrypted by Osiris ransomware?

I need your help urgently!! I lost access to photos and docs stored on my PC. It seems that they are locked because all of them carry .osiris file extension. I have zero backups and already feel frustrated!!! Please tell me if it’s possible to get my files back?

Solved Answer


Osiris ransomware is a serious virus that belongs to the notorious Locky family. Compared to earlier versions, Osiris stands out as one of the most dangerous because it is capable of infecting computers without being noticed by anti-virus programs. According to recent research, the detection ratio is 8/56. The distribution of Osiris does not deviate from that of its ancestors, meaning that it is typically spread via attachments to spam emails. The subject of such emails is “Photo/Scan/Document from office” and a .zip file is always attached. Osiris and other Locky virus versions may also be dispersed in spam messages on Facebook, which contain a photo_9166.svg file.[5] When the malicious file is opened, the system downloads a .vbs file, which connects to the Internet and downloads the Osiris ransomware immediately. After that, the virus scans the system and within a couple of minutes encrypts the files that match its list of target file extensions. For this purpose, it uses RSA-2048 and AES-128 encryption. All encrypted files get the .osiris file extension and are renamed to a string of symbols, 16 of which represent the victim’s ID and the remaining 12 are random.

Unfortunately, Locky and its variants are very serious computer infections, so it is naive to expect that retrieving personal data without paying the ransom will be easy. When the virus finishes the encryption procedure, the victim’s desktop picture is replaced with a Locky wallpaper and instructions on how to pay the ransom are displayed. Osiris ransomware offers Locky Decryptor for sale for 0.5-4 Bitcoins; however, the chances that this tool will restore your files are very low. Instead, you may end up enrolling your PC into a spam botnet, leading to further infections and cyber crimes. Therefore, our strongest recommendation is to remove Osiris ransomware or another Locky virus variant with a professional anti-malware tool, such as Reimage, and then try to recover your data using backups or a data recovery tool.

NOTE: before you start recovering files, make sure that you have removed the Osiris virus permanently. For this purpose, run a full system scan with a reputable and updated antivirus tool and let it remove all the malicious files and code.

If you have backups, you can always restore files from USB, CD, DVD, cloud storage or hard disk. Unfortunately, that’s not possible if you have never created backups. In this case, you can try using a data recovery tool.

Method 1. Decrypt data with Data Recovery Pro

Data Recovery Tool has been developed to help people restore personal files that were accidentally deleted or lost after a system crash. However, its developers took into account the malicious activities of ransomware viruses and improved the software so that it can restore at least a part of virus-infected files. Therefore, this software is worth trying.

  1. Download Data Recovery Pro and run the setup file.
  2. Follow the instructions.
  3. Set the software to run a scan. Wait for it to finish and see which files it managed to find.
  4. Select corrupted files and click Recover.

Method 2. Enable Windows Previous Versions feature

This option is available only if the System Restore function was enabled on your PC. If it was, you have to access the latest copy of your files and restore it manually. Unfortunately, with this method you will have to restore each file separately.

  1. Find the file that has been encrypted by Osiris ransomware and right-click on it.
  2. Select Properties and click on Previous Versions tab.
  3. Open Folder versions and find all available copies of the file.
  4. Select the last version and click Restore.

Method 3. Retrieve Shadow Volume Copies

If you are dealing with a virus that does not affect Shadow Volume Copies, it won’t be difficult to retrieve damaged files. Shadow Volume Copies are file copies that are automatically created and stored on the system. If these copies are not damaged by the ransomware, it’s possible to use the ShadowExplorer utility to restore them. Unfortunately, Locky and its previous variants are known for affecting Shadow Volume Copies, but it’s not clear whether the Osiris virus damages them too, so this app is worth trying.

  1. Download and run the program. You may find it here.
  2. Launch the software and find the folder that you want to restore first.
  3. Click on it and select Export.
  4. Repeat the same with all folders that contain compromised files.
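
Before working through Methods 2 and 3, it helps to know how many files were hit and whether any shadow copy older than the encryption still exists. The PowerShell script below is an added example, not part of the original article. It assumes an elevated prompt on the already cleaned machine, a scan root of the user profile (the `$Root` parameter is hypothetical), and that the last-write time of each .osiris file approximates when it was encrypted.

```powershell
# Added example: triage of .osiris files and surviving shadow copies.
param(
    [string]$Root = $env:USERPROFILE   # assumed scan root; pass another path if needed
)

# 1. Inventory files carrying the .osiris extension.
$encrypted = Get-ChildItem -Path $Root -Filter '*.osiris' -File -Recurse -Force `
    -ErrorAction SilentlyContinue
if (-not $encrypted) {
    Write-Output "No .osiris files found under $Root"
    return
}

# Assumption: the earliest last-write time marks the start of the encryption run.
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
Write-Output ("{0} encrypted files; earliest modified {1}" -f @($encrypted).Count, $firstHit)

# Folders holding the most encrypted files are the ones to restore first.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 2. List shadow copies that still exist (requires administrator rights).
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
if (-not $shadows) {
    Write-Output 'No shadow copies present (none were created, or they were deleted).'
    return
}

# Only copies created before the first encrypted file can contain clean versions.
$shadows | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Created        = $_.InstallDate
        Volume         = $_.VolumeName
        DeviceObject   = $_.DeviceObject
        PredatesAttack = $_.InstallDate -lt $firstHit
    }
} | Format-Table -AutoSize
```

If no row shows `PredatesAttack` as True, Previous Versions and ShadowExplorer have nothing clean to restore from, and backups or a data recovery tool are the remaining options.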

Recover files and other system components automatically

To recover your files and other system components, you can use free guides by experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.

Do you have any trouble?
If you are having problems related to Reimage, you can reach our tech experts to ask them for help. The more details you provide, the better solution they will provide you.
Reimage - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.
Reimage - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.

Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searches for working copies of deleted files on your hard drive. By using the tool, you can prevent the loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in the IT industry for over 20 years.
