keenlogic

Osiris encryptor/decryptor

Recommended Posts

@Thondar do not piggyback another's support request.  Especially support threads in this forum.

"Osiris" is a Locky ransomware variant.

 

Unfortunately Locky is one of the ones that uses a secure encryption on the files, and the private key to decrypt them can only be obtained by paying the ransom. Currently, there is no reliable way to recover files encrypted by Locky.

 

If you take your computer to a computer repair place for assistance, then you can let them know the following (they should understand what it means):

 

Locky deletes Volume Shadow Copies to prevent people from using ShadowExplorer to find backups of the files that were saved automatically, however it doesn't do this securely. There have been reports of people being able to use a file undelete utility such as Recuva to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies the odds of there being backup copies of important files in them are low, to begin with. That being said, it's probably still the best chance for recovery any of the files without paying the ransom. 

Share this post


Link to post
Share on other sites

Thanks Kevin. I am the IT support for this. I was just wondering if there was a decryptor available. I have rebuilt this computer now. I appreciate your response.

 

Take care,

Mike

Share this post


Link to post
Share on other sites

Mike,

Unfortunately, the coders behind Locky and its variants actually get encryption right. Which in turns makes life difficult for its victims.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.