How to recover files encrypted by Osiris ransomware?

Issue: I need your help urgently!! I lost access to photos and docs on stored on my PC. It seems that they are locked because all of them carry .osiris file extension. I have zero backups and already feel frustrated!!! Please tell me if it’s possible to get my files back?

Solved Answer

Osiris ransomware is a serious virus which belongs to the notorious Locky family. In comparison to the earlier versions, Osiris stands out as one of the most dangerous due to the fact that it’s capable of injecting computers without being noticed by anti-virus programs. According to the recent research, the detection ratio is 8/56. The dissemination of Osiris do not deviate from its ancestors, meaning that it’s typicaly spread via attachments of spam emails. The subject of such emails is “Photo/Scan/Document from office” and the .zip file is always attached. Osiris and other Locky virus versions may be dispersed in spam messages on Facebook as well, which contain a photo_9166.svg file.[5] file. When the malicious file is opened, the system downloads .vbs file, which connects to the Internet and downloads the Osiris ransomware immediately. After that, the virus scans the system and within a couple of minutes encrypts the files that conform to the target file extensions list. For this purpose, it uses RSA-2048 and AES-128 encryption models. All encoded files get .osiris file extension and are renamed by a set of symbols, 16 of which represent victim’s ID and the rest 12 are random.

Unfortunately, but Locky and its variants are very serious computer infections, so expecting that retrieving personal data without paying the ransom will be easy is naive. When the virus finishes the encryption procedure, victim’s desktop picture is changed with a Locky wallpaper and the instructions on how the ransom has to be paid are displayed. Osiris ransomware offers to buy Locky Decryptor for 0.5-4 Bitcoins; however, the chances that this tool will restore your files are very low. Instead of that, you may enroll your PC into the botnet of spam leading to further infections and cyber crimes. Therefore, our strongest recommendation would be to remove Osiris ransomware or another Locky virus variant with a professional anti-malware tool, such as FortectMac Washing Machine X9 and then try to recover your data using backups or data recovery tool.

NOTE: before you start with the file decryption, make sure that you have removed Osiris virus permanently. For this purpose, run a full system scan with a respectful and updated antivirus tool and let it remove all the malicious files and codes.

You can always restore files from USB, CD, DVD, cloud storage or hard disk. Unfortunately, that’s not possible if you have never created backups, data recovery is not possible. In this case, you can try using a data recovery tool.

Method 1. Decrypt data with Data Recovery Pro

Data Recovery Tool has been developed to help people restore personal files that were accidentally deleted or lost after a system crash. However, its developers took into account malicious activities of ransoware viruses and improved the software in a way it could restore at least a part of virus-infected files. Therefore, this software is worth given.

  1. Download Data Recovery Pro and run the setup file.
  2. Follow the instructions.
  3. Set the software to run a scan. Wait for it to finish and see what files did it manage to find.
  4. Select corrupted files and click Recover.

Method 2. Enable Windows Previous Versions feature

Recover now! Recover now!
To recover needed system components, please, purchase the licensed version of Fortect Mac Washing Machine X9 recovery tool.

This option is available only if System Restore function has been enabled on your PC. If it was, you have to access the latest copy of your files and restore it manually. Unfortunately, but using this method you will have to restore each file separately.

  1. Find the file that has been encrypted by Osiris ransomware and right-click on it.
  2. Select Properties and click on Previous Versions tab.
  3. Open Folder versions and find all available copies of the file.
  4. Select the last version and click Restore.

Method 3. Retrieve Shadow Volume Copies

In case you are dealing with a virus, which does not affect Shadow Volume Copies, then it won’t be difficult to retrieve damaged files. Shadow Volume Copies are file copies that are automatically created and stored on the system. If these copies are not damaged by the ransomware, it’s possible to use ShadowExplorer utility and restore these copies. Unfortunately, but Locky and previous varients are know for affecting shadow volume copies as well, but it’s not clear if Osiris virus damages them as well, so it’s worth trying this app as well.

  1. Download and run the program. You may find it here.
  2. Launch the software and find the folder that you want to restore the first.
  3. Click on it and select Export.
  4. Repat the same with all folders that contain compromised files.

Recover files and other system components automatically

To recover your files and other system components, you can use free guides by experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.

do it now!
recovery software Happiness
do it now!
recovery software Happiness
Compatible with Microsoft Windows Compatible with OS X
Do you have any trouble?
If you are having problems related to FortectMac Washing Machine X9, you can reach our tech experts to ask them for help. The more details you provide, the better solution they will provide you.
Fortect - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.Mac Washing Machine X9 - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Fortect malware removal tool.To repair damaged system, you have to purchase the licensed version of Mac Washing Machine X9 malware removal tool.

Prevent websites, ISP, and other parties from tracking you

To stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous by encrypting all information, prevent trackers, ads, as well as malicious content. Most importantly, you will stop the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost. To recover lost files, you can use Data Recovery Pro – it searches through copies of files that are still available on your hard drive and retrieves them quickly.


About the author
Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

Read in other languages

What you can add more about the problem: "How to recover files encrypted by Osiris ransomware?"