Blog

Ranstop protects files against the “.Osiris” variant of Locky – Temasoft Lab Demo

Case subject – A Locky variant nicknamed “.Osiris” (Virustotal details)

For this test, the TEMASOFT Research Lab Team let loose one of the latest Locky variants, which features many improvements regarding speed, obfuscation, and strength of the cryptography. The malware uses multiple processes to ensure coverage for as many files as possible and usually gets delivered as part of SPAM campaigns containing malicious attachments that execute as macros and install the ransomware payload. The encrypted files receive the .osiris extension, and a ransom note is shown as soon as the process is complete. However, there are reports that many Locky variants to not restore files once ransom has been paid, so going ahead with payment is unadvisable and will most probably not solve the problem.

Case facts

TEMASOFT Ranstop detects and stops this variant in around 2 seconds, time in which the ransomware managed to encrypt over 200 files on the local hard drive. CryptoLocker, for example, only encrypted several tens of files in triple the time.

At this rate, an entire system may be compromised between 10 minutes and half an hour.

As soon as the malware is detected and stopped, the executables are being quarantined, and an incident is logged into the TEMASOFT Ranstop Console. At the same time, the files damaged by “.Osiris” Locky are automatically restored at their original location and can be observed alongside the encrypted copies, bearing the .osiris mark.

Case Conclusion

TEMASOFT Ranstop handled this fast Locky variant very well by stopping it in a matter of seconds, restoring damaged files automatically and preserving the system integrity.


Click here to watch TEMASOFT Ranstop in action (video)!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:27 am

Calin Ghibu

Technical background: over 15 years experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management. Specialties: Network audit, information security, web security, endpoint security, perimeter security SIEM, legal compliance, competitive intelligence.

Share
Published by
Calin Ghibu
Tags: ranstop

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023