Russian Hackers May Be Behind Virus Attacking U.S. Police, Acronis Says

  • File-encrypting malware triggers data loss or ransom expenses
  • New ransomware Osiris can avoid detection, spread via cloud

Russian-speaking hackers may be behind the latest version of file-encrypting malware that attacked a Texas police department and can spread via cloud services, according to data-protection firm Acronis International GmbH.

The new ransomware, named “Osiris” after the Egyptian god of the afterlife, can disseminate itself in corporate networks without being detected and even spread to other organizations via customer-relationship management systems, Acronis said in a statement.

“Certain terms used in the malware coding indicate traces of Russian-speaking programmers behind it,” Nikolay Grebennikov, vice-president at Acronis, said in a phone interview. These include a phrase in the coding that refers to Soviet-era cartoon heroes Cheburashka and Gena.

Typically distributed via spam emails with the subject headings “Invoice” or “Order Confirmation” and an attachment containing the bug, Osiris adds the .osiris extension to the encrypted files and asks victims to pay from several thousand to as much as $100,000 in bitcoins to unlock the data, according to Grebennikov.

Cyber-security firms including McAfee Inc. named file-encrypting malware one of the main threats of 2017. A Texas police department lost eight years of evidence because of an attack by Osiris last month, while similar ransomware reportedly left guests of an Austrian hotel locked out of their rooms.

Acronis, based in Switzerland and co-founded by Serguei Beloussov, spun out of U.S. software developer Parallels Inc. in 2003.
