Osiris
Osiris is ransomware first observed in November 2025.
Profile source: Ransomware.live opens in a new tabOsiris
Family profile
Osiris is ransomware first observed in November 2025. Reported intrusions used credential theft, remote-management tools, data exfiltration, and vulnerable-driver abuse before encryption. It is separate from the 2016 Locky variant and other malware also called Osiris.
Ransomware.live
Operational record
Reporting
Research mentioning Osiris
AI Development & Software Engineering | CloudATG
...a new ransomware family called Osiris...
26th January - Threat Intelligence Report - Check Point Research
"Researchers revealed a new ransomware family, Osiris, that blends legitimate Windows tools with custom malware to infiltrate networks and deploy encryption."
"Osiris" Rises: New Ransomware Targets Southeast Asian Food Giant with Advanced Tactics
“Dubbed Osiris, this fresh threat was first spotted in November 2025… [and] creates a ransom note titled Osiris-MESSAGE.txt.”
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81
"Osiris: New Ransomware, Experienced Attackers?"
Security Affairs newsletter Round 560 by Pierluigi Paganini - INTERNATIONAL EDITION
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools.
Improperly patched bug exploited again in Fortinet firewalls
"Osiris ransomware: Symantec looks at Osiris, a new ransomware family that launched operations in November of last year. The ransomware has been dormant for a few weeks now, though."
New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks
A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025.