Find notable cyber news and cases, enriched with sources, timelines, and signals.

Osiris ransomware uses POORTRY BYOVD to disable defenses and exfiltrate data

Malware Activity
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Researchers disclosed Osiris, a new ransomware family that hit a major food service franchisee operator in Southeast Asia in November 2025, showing an active intrusion chain that combined theft and encryption. The attack used POORTRY in a BYOVD chain to disable security software, which increased the chance of undetected deployment. Before encryption, the operators used Rclone to exfiltrate data to Wasabi buckets and relied on dual-use tools such as Mimikatz, Netexec, and MeshAgent. The malware also kills services and processes, encrypts files with a hybrid scheme, and drops a ransom note, making it relevant to defenders tracking ransomware tradecraft.

Related Happenings

GodDamn ransomware PoisonX BYOVD activity

Malware Activity
H score15 First: 09.07.2026 13:43 Last: 09.07.2026 13:43 Sources 1

About this happening: The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...

INC ransomware encryptors rewritten in Rust

Malware Activity
H score38 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

Foxconn hit by ransomware attack

Incident
H score71 First: 13.05.2026 15:49 Last: 13.05.2026 15:49 Sources 1

About this happening: **Foxconn** confirmed that **some North American factories** suffered a **cyberattack**, disrupting manufacturing operations and forcing a recovery effort to keep production and d...

Ministry of Justice and Legal Affairs of Oman hit by network compromise

Incident
H score37 First: 06.05.2026 16:00 Last: 06.05.2026 16:00 Sources 1

About this happening: The **Ministry of Justice and Legal Affairs of Oman** suffered an **active intrusion** that exposed **session logs** and **more than 26,000 user records**, raising risk to judicia...

Timeline

  1. 22.01.2026 20:00 2 articles · 5mo ago

    Osiris ransomware uses POORTRY BYOVD to disable defenses and exfiltrate data

    Initial Disclosure

    Initial activity on the target network began with **data exfiltration** to a **Wasabi** bucket using **Rclone**. The operators then introduced **POORTRY** to disable security tools before ransomware deployment.

    Show sources