How To Recover Files Locked By FileCoder, The Mac-Specific Ransomware

How To Recover Files Locked By FileCoder, The Mac-Specific Ransomware

Last week, a nasty ransomware called FileCoder was found to be targeting Apple Mac users. It was thought that there was no way to unlock any of encrpyted files since the criminals who made the ransomware didn’t seem to be keeping any decryption keys. Luckily, it is possible to unlock files that have been encrypted by FileCoder; the catch is that it’s a tricky process.

FileCoder, also known as Findzip, was spreading through BitTorrent sites, masquerading as a popular software cracking tool. Security researchers found that the ransomware locks files on OSX computers but doesn’t have a way to communicate with any C&C server, which means decryption keys would not have been sent back to the criminals behind FileCoder. Even if you did pay the ransom, there was no way to recover the files.

The good news is, FileCoder is a bit shit at being a ransomware; the algorithm that it uses to encrypt files is pretty weak. Now, Security researchers at MalwareBytes have found a way to unlock files that FileCoder has encrypted but the process isn’t for novice computer users. You’ll need the following tools.

  • A working computer
  • Xcode or TextWrangler
  • Xcode command-line tools
  • pkcrack source code
  • One unencrypted file and the corresponding encrypted file

Hopefully you’ve backed up at least one of the locked files somewhere – maybe it’s a word document you saved on a USB stick.

You can find detailed instructions on how to unlock FileCoder encrypted files here. If you’re not confident in going through the process yourself, hopefully you can recruit a computer savvy friend to help you get the job done.