Italiabella asked:

Osiris Ransomware

Hello Everyone,

I am trying to help a friend decrypt his files from the ransomware OSIRIS. I have removed the virus already and followed two videos on YouTube that were using the tesla tool to decrypt them, but it doesn't work.

Anybody? I know this is not easy... but I know there must be a way to fix this.

I am running Windows 7 Professional.

Thank you,
ASKER CERTIFIED SOLUTION
John
This solution is only available to members.

SOLUTION
David Johnson, CD
This solution is only available to members.

ASKER

John, she has no backup. The backup was on her external hard drive, but everything on her external hard drive has been encrypted.
Then the files are gone. I would not pay ransom (some people do) but I do not recommend that.

So the files are gone.

Please teach your customer not to open strange emails. Delete them on sight.
Really... why does YouTube post so many videos about how to decrypt the files but none works :)
John, this is the first time that Experts Exchange does not have the right antidote, so some damages :)
That is because newer AES encryption is nearly unbreakable.
So you are saying that if she had had a backup on that external hard drive it wouldn't have been affected by the Osiris virus?

On the external hard drive she has the data saved in folders and they are all affected.
An external hard drive is tightly coupled so that is why the malware infected it.

True backups should be removed and rotated or on another machine.
If I set up Windows Backup to back up her data on an external hard drive, that backup should be encapsulated.
Do you think that that backup can be affected by the ransomware?
I cannot say for certain. Encrypted, encapsulated files are sometimes not affected.

Backup drives should be removed except for the backup operation.
OK, good idea, so create a backup and unplug the external USB drive? Correct?
Yes.
OK, thank you.
Malware will attack any file that it has access to. This is why I back up to the cloud and do not use mapped drives.

The computer industry has had the 3-2-1 rule for backups for a long time
3 copies, 2 different media, 1 being offsite. And any backup that you haven't tested a restore of is not a backup.
You are very welcome. Sorry about the situation, but I was happy to provide the steps above.
And post note, also follow David's advice above.
John is correct when it comes to rotating backups. You need some form of versioning backup and it is essential that there be 2 copies of the drive. When one is connected the other should not be.

I also always recommend at least one cloud backup.

On another note, doxware is on the rise in which case all sensitive documents should be encrypted.
John, Thomas David,

I use the My Cloud EX4100 at home. It is connected to my router and I have a mapped drive to it. Can Osiris or any other ransomware affect my data?
David, great recommendation, thank you...
Yes. A mapped drive can be affected as well as unmapped drives. Encryption will only help with doxware, not any other type of ransomware.

Back up your storage to the cloud using something like CrashPlan (free for local backup).

Is your storage device Linux based? If so, you will need to do a headless install of CrashPlan.
Ok thank you, no Linux in. Y environment.
Check, but I believe anything other than Windows or macOS may have the same problem. The EX4100 is a NAS and most NASes are Linux based. Although that is a WD NAS, it must have some OS and I have never heard of Y.
Question: if I restore that computer to an earlier point, before it was infected with the Osiris virus, will I be able to read my documents again?
No, because restoring to a prior point affects software, not documents.
Hi Italiabella,
Here's an article that you may find helpful:
How to find out programs, files which will be affected after a System Restore
Regards, Joe
OK, thank you, both of you.
John & Joe,

One more question, please. Can Osiris affect data that my clients have stored in the cloud, in Office 365 or in Carbonite?

Thank you,
If you are actively using files in the cloud, it might. If the files are not active, I don't think so.

I do not think ransomware can get to your Carbonite backup.
My clients are accessing their files on Office 365 daily...
Make sure your spam filter is top notch as that is the best way to stop ransomware.