Osiris is a new ransomware strain discovered in November 2025 that targeted a Southeast Asian food service operator using a BYOVD (Bring Your Own Vulnerable Driver) attack with the POORTRY driver to disable security software. The ransomware uses hybrid encryption with unique keys per file and can terminate processes and services. Researchers found potential links to INC ransomware operators through shared tools and techniques. The attack involved data exfiltration to Wasabi cloud storage using Rclone, deployment of dual-use tools like Netscan and MeshAgent, and custom RustDesk software. Ransomware attacks increased 0.8% in 2025 to 4,737 claimed incidents, with Akira, Qilin, and Play among the most active groups. The report also details recent developments including LockBit 5.0's two-stage deployment model, new RaaS operations like Sicarii, and various attack techniques exploiting RDP vulnerabilities.

From thehackernews.com