Osiris Ransomware Disables Security Tools in Novel Attack

Researchers have uncovered the Osiris ransomware, deployed in a late 2025 cyberattack targeting a Southeast Asian food service franchise. Utilizing BYOVD tactics and exploiting the POORTRY driver, Osiris effectively disabled security systems, leaving the victim's infrastructure vulnerable.

Identified by cybersecurity experts from Symantec and Carbon Black, a new strain of ransomware, dubbed Osiris, has emerged as a significant threat following its deployment in an attack against a large Southeast Asian food service company. The attack, which took place in November 2025, marks a novel integration of tactics to disable security protocols and amplify the attack’s impact.

Increasingly Sophisticated Attack Techniques Uncovered

Investigators noted that the attackers behind Osiris employed the “Bring Your Own Vulnerable Driver” (BYOVD) tactic. This method involves loading a legitimate driver that contains a known vulnerability and then exploiting that flaw to bypass the protective layers of the target system’s security software. Consequently, the Osiris ransomware was able to operate unchecked by traditional antivirus defenses.

Investigating the POORTRY Driver Exploit

The methodology included the manipulation of the POORTRY driver — a critical element contributing to the attack’s success. By exploiting vulnerabilities therein, Osiris managed to dismantle existing security infrastructures, leaving the food service franchise operator’s network defenseless. This exploit exemplifies the innovative, albeit malicious, approach employed by modern cybercriminals.

Target and Impact: A Breakdown of the Attack’s Target and Methodology

The focal point of the November 2025 cyber offensive was a prominent chain within the Southeast Asian food service industry. This choice of target indicates a strategic aim at sectors pivotal to regional economies, potentially causing widespread operational disruption and financial impact.

• Leveraged the BYOVD technique to sidestep defenses.
• Loaded a vulnerable driver, notably POORTRY, to disable security tools.
• Targeted a key industry integral to Southeast Asia’s economy.

Responding to Emerging Threats

As cybersecurity practitioners continue to navigate an evolving landscape, understanding and anticipating such sophisticated methods is paramount. Monitoring for signs of BYOVD use and improving detection of suspicious driver activities could enhance defense mechanisms, preempting similar ransomware incidents in the future.
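One concrete form the driver-load monitoring recommended above can take, as an added example that is not part of the article and not the detection logic of Symantec or Carbon Black: a small Python scanner over Sysmon “Driver loaded” (Event ID 6) records exported as JSON lines. The sample log lines are constructed, and the blocklist hash is a placeholder standing in for a maintained vulnerable-driver list; the field names (ImageLoaded, Hashes, Signed, SignatureStatus) follow Sysmon’s Event ID 6 schema.

```python
"""Flag suspicious kernel driver loads in Sysmon "Driver loaded" (Event ID 6) records.

Added example (not from the article or from Symantec/Carbon Black). The log lines
below are constructed, and the blocklist hash is a placeholder, not a real IoC.
"""
import json
from typing import Iterable, Optional

# Placeholder hash standing in for a maintained vulnerable-driver blocklist
# (the kind of list vendors and the community publish for drivers abused in BYOVD).
# CONSTRUCTED VALUE: replace with a real list in production.
BLOCKLISTED_SHA256 = {
    "0000000000000000000000000000000000000000000000000000000000000001",
}

# Directories from which legitimate drivers are normally loaded (lower-cased for comparison).
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

SYSMON_DRIVER_LOADED = 6


def parse_hashes(field: str) -> dict:
    """Turn Sysmon's 'SHA256=...,MD5=...' string into a dict keyed by algorithm."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event: dict) -> Optional[str]:
    """Return a reason string if the driver load looks suspicious, else None.

    Checks run from strongest signal to weakest: a blocklist hit beats signature
    status, because BYOVD drivers are typically validly signed.
    """
    if event.get("EventID") != SYSMON_DRIVER_LOADED:
        return None
    image = event.get("ImageLoaded", "").lower()
    hashes = parse_hashes(event.get("Hashes", ""))
    if hashes.get("SHA256") in BLOCKLISTED_SHA256:
        return "hash matches vulnerable-driver blocklist"
    if str(event.get("Signed", "")).lower() != "true":
        return "unsigned driver"
    if event.get("SignatureStatus", "") != "Valid":
        return f"signature status {event.get('SignatureStatus')!r}"
    if not image.startswith(TRUSTED_DRIVER_DIRS):
        return f"loaded from unusual path {image}"
    return None


def scan(lines: Iterable[str]) -> list:
    """Parse JSON lines and return (driver path, reason) for each suspicious load."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a malformed line rather than abort the whole sweep
        reason = classify(event)
        if reason:
            findings.append((event.get("ImageLoaded"), reason))
    return findings


# Constructed sample log lines (not real telemetry); backslashes are JSON-escaped.
SAMPLE_LOG = """
{"EventID": 6, "ImageLoaded": "C:\\\\Windows\\\\System32\\\\drivers\\\\ndis.sys", "Hashes": "SHA256=aaaa", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"EventID": 6, "ImageLoaded": "C:\\\\Users\\\\Public\\\\update.sys", "Hashes": "SHA256=bbbb", "Signed": "true", "Signature": "Example Vendor", "SignatureStatus": "Valid"}
{"EventID": 6, "ImageLoaded": "C:\\\\Windows\\\\Temp\\\\drv.sys", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000001", "Signed": "true", "Signature": "Example Vendor", "SignatureStatus": "Valid"}
{"EventID": 6, "ImageLoaded": "C:\\\\Windows\\\\System32\\\\drivers\\\\old.sys", "Hashes": "SHA256=cccc", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\cmd.exe"}
"""

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT {path}: {reason}")
```

The ordering of the checks is the design point: a driver abused in a BYOVD attack is usually validly signed and may sit in a normal path, so signature status alone will not catch it, and a hash blocklist (or, in a fuller pipeline, correlation of a driver load with security services stopping shortly afterwards) carries most of the detection weight.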

This novel ransomware approach underscores an urgent need for heightened vigilance and innovation in countering cybersecurity threats.
