
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

  • January 22, 2026

Jasper_The_Rasper
Moderator

January 22, 2026 By Ravie Lakshmanan

 

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.

The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter Team said.

It's worth noting that Osiris is assessed to be a brand-new ransomware strain, sharing no similarities with another variant of the same name that emerged in December 2016 as an iteration of the Locky ransomware. It's currently not known who the developers of the locker are, or if it's advertised as a ransomware-as-a-service (RaaS).

However, the Broadcom-owned cybersecurity division said it identified clues that suggest the threat actors who deployed the ransomware may have been previously associated with INC ransomware (aka Warble).

"A wide range of living off the land and dual-use tools were used in this attack, as was a malicious POORTRY driver, which was likely used as part of a bring your own vulnerable driver (BYOVD) attack to disable security software," the company said in a report shared with The Hacker News.

 

>>Full Article<<