Osiris Ransomware Leverages POORTRY Driver in BYOVD Attack
Summary
A new ransomware family called Osiris has emerged, targeting a major food service franchisee operator in Southeast Asia in November 2025. The attack utilized a malicious driver named POORTRY as part of a bring your own vulnerable driver (BYOVD) technique to disable security software. Osiris employs a hybrid encryption scheme and is assessed to be a new strain with no links to the 2016 Locky ransomware variant of the same name. The attackers exfiltrated data to Wasabi cloud storage and used dual-use tools like Netscan, Netexec, and MeshAgent, along with a custom version of Rustdesk remote desktop software. The attack also involved enabling RDP for remote access and deploying the KillAV tool to terminate security processes.
Timeline
- 22.01.2026 20:00 · 1 article
Osiris Ransomware Targets Food Service Franchisee in Southeast Asia
In November 2025, the Osiris ransomware targeted a major food service franchisee operator in Southeast Asia. The attack leveraged the POORTRY driver in a BYOVD technique to disable security software. The attackers exfiltrated data to Wasabi cloud storage and used dual-use tools like Netscan, Netexec, and MeshAgent, along with a custom version of Rustdesk remote desktop software. The attack also involved enabling RDP for remote access and deploying the KillAV tool to terminate security processes.
- New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
Information Snippets
- Osiris ransomware targeted a major food service franchisee operator in Southeast Asia in November 2025.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- The attack leveraged the POORTRY driver in a BYOVD technique to disable security software.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- Osiris is a new ransomware strain with no similarities to the 2016 Locky ransomware variant of the same name.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- The attackers exfiltrated data to Wasabi cloud storage buckets using Rclone.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- Dual-use tools like Netscan, Netexec, and MeshAgent, along with a custom version of Rustdesk, were used in the attack.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- The attack involved enabling RDP for remote access and deploying the KillAV tool to terminate security processes.
  First reported: 22.01.2026 20:00 · 1 source, 1 article
  - New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00