Researchers disclosed a new ransomware family called Osiris that struck a major food service franchisee in Southeast Asia in November 2025, leveraging a custom driver named POORTRY in a BYOVD-style attack to disable security and exfiltrate data to Wasabi cloud buckets. Osiris uses hybrid per-file encryption, can stop services and kill numerous processes, and investigators found links to prior INC ransomware activity and broad use of living-off-the-land and dual-use tools. #Osiris #POORTRY
Key points
- Osiris is a newly identified ransomware strain that targeted a Southeast Asian food service franchisee in November 2025.
- The attack used a bespoke POORTRY driver in a BYOVD-style effort to disable security software and elevate privileges.
- Attackers exfiltrated data to Wasabi cloud buckets using Rclone before deploying the ransomware.
- Osiris employs hybrid encryption with unique keys per file and can stop services, terminate processes, and drop ransom notes.
- Investigators noted potential links to INC ransomware and recommend monitoring dual-use tools, restricting RDP, enforcing MFA, using allowlisting, and maintaining off-site backups.
Read More: https://thehackernews.com/2026/01/new-osiris-ransomware-emerges-as-new.html