How to recover from the OSX/Filecoder.E ransomware on your Mac

Buggy ransomware didn’t offer a method of recovery even if you paid the extortionists. Until now.

How to recover from the FileCoder ranso

Last week I warned of the OSX/Filecoder.E ransomware that had been discovered by researchers at ESET, after it was distributed via BitTorrent distribution sites as cracks for pirated software.

One of the things that made OSX/Filecoder.E (which is also known as Patcher or Filezip) notable as malware was not just that it targeted Mac users, but also that – even if you gave in to the attackers’ ransom demands – there was no way for your encrypted data to be recovered.

Well, a week can be a long time in malware – and as Thomas Reed of MalwareBytes reports there is some hope for macOS users who have fallen victim to an attack:

Sign up to our free newsletter.
Security news, advice, and tips.

For those who get infected with Findzip (aka Filecoder), it’s still true that the hackers behind it can’t give you a key to decrypt it. There’s no honor among these particular thieves, as they’re lying about their ability to help if you pay the ransom.

However, all hope is not lost! If you made the mistake of not having a backup, or if your backup was also compromised by the ransomware, there’s still a chance for you to recover.

Nice work.

The technique for recovery is clearly quite fiddly and involved, but if you were unlucky enough to have been hit by an OSX/Filecoder.E infection it may be your best hope.

Of course, we all should remember that when it comes to ransomware prevention is better than cure.

That means keeping your computer patched with the latest security updates, running an up-to-date anti-virus solution, and maintaining secure backups beyond the reach of online criminals.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.