Because of time issues, I added the malware ESET calls OSX/Filecoder.E to the Specific Ransomware Families and Types page but didn’t give it an article of its own here. Since there is important news (to potential victims) from Malwarebytes and Sophos, I’m repairing that omission here.
- Marc-Etienne M.Léveillé for ESET: New crypto-ransomware hits macOS – malware that calls itself ‘Patcher’, detected by ESET as OSX/Filecoder.E [22nd February 2017]
- Thomas Reed for Malwarebytes: Mac ransomware on piracy sites – Malwarebytes calls it OSX.Findzip. [23rd February 2017]
- Thomas Reed’s follow-up: Decrypting after a Findzip ransomware infection. Very useful work on recovering data (the gang behind the ransomware will take your money, but can’t provide you with a way of decrypting it). [February 28th 2017]
- Paul Ducklin for Sophos: ‘Filecode’ ransomware attacks your Mac – how to recover for free [28th February 2017]
- Commentary by Graham Cluley: How to recover from the FileCoder ransomware on your Mac – Buggy ransomware didn’t offer a method of recovery even if you paid the extortionists. Until now. [March 1st 2017]
Note that both Reed and Cluley sometimes refer to the malware as FileCoder. This is potentially misleading: while ESET, which first uncovered the thing, detects it as OSX/Filecoder.E, the company uses the term ‘Filecoder’ generically to denote crypto-ransomware, so the full name ‘OSX/Filecoder.E’ is needed to distinguish it from other, unrelated ransomware families.