How to recover from the OSX/Filecoder.E ransomware on your Mac

Buggy ransomware didn’t offer a method of recovery even if you paid the extortionists. Until now.


Last week I warned of the OSX/Filecoder.E ransomware that had been discovered by researchers at ESET, after it was distributed via BitTorrent distribution sites as cracks for pirated software.

One of the things that made OSX/Filecoder.E (which is also known as Patcher or Filezip) notable as malware was not just that it targeted Mac users, but also that - even if you gave in to the attackers' ransom demands - there was no way for your encrypted data to be recovered.

Well, a week can be a long time in malware - and, as Thomas Reed of Malwarebytes reports, there is some hope for macOS users who have fallen victim to an attack:

For those who get infected with Findzip (aka Filecoder), it's still true that the hackers behind it can't give you a key to decrypt it. There's no honor among these particular thieves, as they're lying about their ability to help if you pay the ransom.

However, all hope is not lost! If you made the mistake of not having a backup, or if your backup was also compromised by the ransomware, there’s still a chance for you to recover.

Nice work.

The technique for recovery is clearly quite fiddly and involved, but if you were unlucky enough to have been hit by an OSX/Filecoder.E infection it may be your best hope.

Of course, we should all remember that when it comes to ransomware, prevention is better than cure.

That means keeping your computer patched with the latest security updates, running an up-to-date anti-virus solution, and maintaining secure backups beyond the reach of online criminals.
