OSIRIS RANSOMWARE: THE NEW DIGITAL PLAGUE
Security experts have sounded the alarm over a dangerous new player in the world of cybercrime. This fresh threat, named Osiris, recently hit a major food service company in Southeast Asia, marking its territory with a sophisticated and destructive approach. While the name might sound familiar to long-time tech observers, researchers from Symantec and Carbon Black are quick to point out that this is not the old Locky variant from 2016. This is a brand-new, ground-up creation designed for maximum damage in the modern era.
A New Level of Digital Sabotage
The way Osiris breaks into systems is particularly clever and concerning. It uses a technique called “Bring Your Own Vulnerable Driver” (BYOVD), but with a nasty twist. Usually, attackers load a legitimately signed but buggy driver and abuse its flaws to gain kernel-level control of the machine. Osiris instead ships a custom-made malicious driver known as POORTRY. This “bespoke” tool is specifically built to hunt down and kill antivirus programs, leaving the target’s network completely defenseless before the actual ransomware starts its work.
Once the security doors are kicked down, the attackers don’t just lock the files; they steal them first. Evidence shows they use common cloud storage tools like Wasabi to stash stolen data. This gives them double the leverage: they can demand money to unlock your computers and more money to keep your private data off the public internet.

Links to Known Criminal Groups
While it is not yet clear who is officially running the Osiris show, detectives have found some “fingerprints” left behind at the crime scene. The tools and methods used—specifically a modified version of a password-stealing program called Mimikatz—match tactics previously seen from the INC ransomware group. This suggests that the people behind Osiris might be seasoned veterans who have simply rebranded or launched a new project to stay ahead of the law.
The ransomware itself is a powerhouse of efficiency. It uses a “hybrid” encryption method, meaning it generates a unique key for every single file it touches rather than one key for the whole machine. It doesn’t just sit there, either; it actively searches for and kills processes related to Microsoft Office, email servers, and even backup systems like Veeam, so that open files can be overwritten and backups cannot interfere. By destroying backups, the attackers ensure that the victim has almost no choice but to pay up.
A Growing Global Crisis
Osiris is just one part of a massive surge in digital extortion. In 2025 alone, there were over 4,700 reported ransomware attacks, a steady climb from the previous year. The landscape is crowded with dangerous names like Akira, Qilin, and LockBit. These groups are constantly evolving, sometimes teaming up to share resources or attacking through “backdoors” like vulnerable VPNs and remote desktop connections.
One of the most worrying trends is the rise of “false flag” operations. A new group called Sicarii has popped up, claiming to be from Israel, yet all their technical chatter is in Russian and their Hebrew is full of basic mistakes. This kind of deception makes it harder for international police to track down the real culprits. Meanwhile, other groups like Makop and 01flip are targeting everything from India to Brazil, proving that no region or industry is safe from these digital predators.
How to Fight Back
As these attacks get more common and more complex, businesses are being told to batten down the hatches. Experts say the best defense is a mix of common sense and tight security. This includes turning on Two-Factor Authentication (2FA) for everything, strictly limiting who can access remote desktops, and keeping backups in a location that is not connected to the main network. Without a “cold” backup, a hit from a strain like Osiris could mean the permanent loss of years of work, especially since some ransomware—like the Obscura family—is so poorly written that it actually breaks large files permanently during the locking process.
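The two behaviours the article attributes to Osiris, a driver load followed by the killing of antivirus and backup processes, are something a defender can hunt for in endpoint telemetry. The following detection logic is an added example written for this page, not code from any of the researchers or vendors named above; the event format, the process names treated as protected, and the sample events are all constructed assumptions.

```python
"""Flag the BYOVD-then-kill pattern: a kernel driver outside the organisation's
allowlist is loaded, and within a short window security or backup processes
are terminated on the same host. Event records are constructed, not real data."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed names of AV, Office and backup processes worth protecting (illustrative).
PROTECTED_PROCESSES = {"msmpeng.exe", "veeam.backup.service.exe",
                       "outlook.exe", "winword.exe"}

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str          # "driver_load" or "process_terminate"
    detail: str        # driver path, or name of the terminated process
    allowlisted: bool = True   # driver signer/path on the org's allowlist

def detect_byovd_kill_chain(events, window=timedelta(minutes=10)):
    """Return (host, driver_path, [killed processes]) for every non-allowlisted
    driver load that is followed within `window` by kills of protected processes."""
    alerts = []
    by_host = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        by_host.setdefault(e.host, []).append(e)
    for host, evs in by_host.items():
        for i, e in enumerate(evs):
            if e.kind != "driver_load" or e.allowlisted:
                continue
            killed = [f.detail for f in evs[i + 1:]
                      if f.kind == "process_terminate"
                      and f.detail.lower() in PROTECTED_PROCESSES
                      and f.ts - e.ts <= window]
            if killed:
                alerts.append((host, e.detail, killed))
    return alerts

# Constructed sample telemetry: one suspicious host, one benign host.
T0 = datetime(2025, 6, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "ws-17", "driver_load", r"C:\Users\Public\drv.sys", allowlisted=False),
    Event(T0 + timedelta(seconds=20), "ws-17", "process_terminate", "MsMpEng.exe"),
    Event(T0 + timedelta(seconds=45), "ws-17", "process_terminate", "Veeam.Backup.Service.exe"),
    Event(T0 + timedelta(minutes=1), "ws-17", "process_terminate", "notepad.exe"),
    Event(T0, "srv-02", "driver_load", r"C:\Windows\System32\drivers\disk.sys"),
    Event(T0 + timedelta(seconds=30), "srv-02", "process_terminate", "winword.exe"),
]

if __name__ == "__main__":
    for host, driver, killed in detect_byovd_kill_chain(SAMPLE_EVENTS):
        print(f"ALERT {host}: driver {driver} then killed {', '.join(killed)}")
```

The benign host terminating a single Office process after loading an allowlisted driver produces no alert; only the sequence on the first host is reported.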
