Posted by: David Harley | March 1, 2017

OSX/Filecoder.E Ransomware Recovery

[Also posted at AVIEN: Patcher/Filezip/Filecoder – data recovery and naming. Slightly edited here.]

Because of time issues, I added the malware ESET calls OSX/Filecoder.E to the Specific Ransomware Families and Types page at AVIEN but didn’t give it an article of its own there. Since there is important news (to potential victims) from Sophos and Malwarebytes, I’m repairing that omission there and also at MacVirus.

Note that both Reed and Cluley sometimes refer to the malware as FileCoder. This is potentially misleading: while ESET, which first uncovered the thing, detects it as OSX/Filecoder.E, the term ‘Filecoder’ is used generically by the company to denote crypto-ransomware, so you/we need to use the full name ‘OSX/Filecoder.E’ to distinguish it from other, unrelated ransomware families.

David Harley


  1. Thanks for the note at the end there David. I’ll update my article accordingly.

    • Cheers, Graham. I was about to mail you, but my connection is all over the place today. Seemingly anywhere but Cornwall, which is where I am…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: