Jump to content

Infected by Ramsomeware - Locky V2 December 2016 Edition

Recommended Posts

Hi Team,

I have a netgear Ready NAS which has got all my data. Its not running any snapshots and the operating system is Windows 7 PRO. My shared files got infected by ramsomeware and got an extension *.osiris

Is there a way to decrypt these files to access my data. These are all very crucial file and let us know a way to fix this. We have cleared all infected machines by a re installation as of now to keep things running.

Your support will be much appreciated




Link to post
Share on other sites

"Osiris" is a Locky ransomware variant.


Unfortunately Locky is one of the ones that uses a secure encryption on the files, and the private key to decrypt them can only be obtained by paying the ransom. Currently, there is no reliable way to recover files encrypted by Locky.


If you take your computer to a computer repair place for assistance, then you can let them know the following (they should understand what it means):


Locky deletes Volume Shadow Copies to prevent people from using ShadowExplorer to find backups of the files that were saved automatically, however it doesn't do this securely. There have been reports of people being able to use a file undelete utility such as Recuva to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies the odds of there being backup copies of important files in them are low, to begin with. That being said, it's probably still the best chance for recovery any of the files without paying the ransom.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...