Osiris ransomware uses POORTRY BYOVD to disable defenses and exfiltrate data
Malware Activity
Summary
Hide ▲
Show ▼
Researchers disclosed Osiris, a new ransomware family that hit a major food service franchisee operator in Southeast Asia in November 2025, showing an active intrusion chain that combined theft and encryption. The attack used POORTRY in a BYOVD chain to disable security software, which increased the chance of undetected deployment. Before encryption, the operators used Rclone to exfiltrate data to Wasabi buckets and relied on dual-use tools such as Mimikatz, Netexec, and MeshAgent. The malware also kills services and processes, encrypts files with a hybrid scheme, and drops a ransom note, making it relevant to defenders tracking ransomware tradecraft.
Related Happenings
GodDamn ransomware PoisonX BYOVD activity
Malware Activity
H score15
First: 09.07.2026 13:43
Last: 09.07.2026 13:43
Sources 1
About this happening:
The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...
GodDamn ransomware PoisonX BYOVD activity
Malware ActivityAbout this happening: The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...
INC ransomware encryptors rewritten in Rust
Malware Activity
H score38
First: 18.06.2026 17:12
Last: 18.06.2026 17:12
Sources 1
About this happening:
INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...
INC ransomware encryptors rewritten in Rust
Malware ActivityAbout this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Foxconn hit by ransomware attack
Incident
H score71
First: 13.05.2026 15:49
Last: 13.05.2026 15:49
Sources 1
About this happening:
**Foxconn** confirmed that **some North American factories** suffered a **cyberattack**, disrupting manufacturing operations and forcing a recovery effort to keep production and d...
Foxconn hit by ransomware attack
IncidentAbout this happening: **Foxconn** confirmed that **some North American factories** suffered a **cyberattack**, disrupting manufacturing operations and forcing a recovery effort to keep production and d...
Ministry of Justice and Legal Affairs of Oman hit by network compromise
Incident
H score37
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
The **Ministry of Justice and Legal Affairs of Oman** suffered an **active intrusion** that exposed **session logs** and **more than 26,000 user records**, raising risk to judicia...
Ministry of Justice and Legal Affairs of Oman hit by network compromise
IncidentAbout this happening: The **Ministry of Justice and Legal Affairs of Oman** suffered an **active intrusion** that exposed **session logs** and **more than 26,000 user records**, raising risk to judicia...
Timeline
-
22.01.2026 20:00 2 articles · 5mo ago
Osiris ransomware uses POORTRY BYOVD to disable defenses and exfiltrate data
Initial DisclosureInitial activity on the target network began with **data exfiltration** to a **Wasabi** bucket using **Rclone**. The operators then introduced **POORTRY** to disable security tools before ransomware deployment.
Show sources
- New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00
- New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack — thehackernews.com — 22.01.2026 20:00