September 27, 2013 | San Diego, CA | Press Releases

ESET Warns of Sharp Spike in FileCoder Ransomware

ESET, the global leader in proactive digital protection with a record of 10 consecutive years of VB100 awards for its award-winning NOD32® technology, today issued a warning from its Malware Research Lab regarding an unusual spike in activity from Filecoder malware–Trojans that encrypt user files and try to extort a ransom from the victim in exchange for decryption software.

ESET LiveGrid® technology, the company’s cloud-based malware collection system, showed a 200 percent increase in the number of weekly detections in July compared to the average number of detections in the weeks six months prior. The country most affected by the malware families is Russia, but campaigns are active in different parts of the world, including Italy, Spain, Germany, Czech Republic, Poland, Romania, the Ukraine and the United States.

“The Win32/Filecoder malware family is more dangerous than other types of so-called ransomware as they usually encrypt pictures, documents, music and archives,” said Robert Lipovsky, malware researcher at ESET. “Ransomware in this category typically involves requests for around $135-$300, however some have been seen extorting up to $4000. This high amount indicates that attackers are likely targeting businesses that can afford to pay higher ransoms than individuals.”

Cyber criminals employing this malware use a variety of techniques to infect a victim’s computer including drive-by downloads from malware-laden websites, email attachments, installation through another Trojan or Backdoor, or even manual installation by the attacker. Once infected, images and documents on the victims computer are overwritten with a notice that notifies them the files have been encyrpted and can only be decrypted using the criminal’s software, for a price. In some cases, the criminals try to put the victims under pressure by displaying a countdown showing how long they have before the encryption key is permanently deleted.

Consumers can protect themselves agasinst this type of malware by ensuring their antivirus software remains up to date. Other important steps to take include password protecting the settings on anti-malware software to prevent them being altered by an attacker  and backing up personal files often.

For a more detailed analysis of this malware, visit, ESET’s news platform for the latest information and analyses on cyber threats and useful security tips.


About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 25 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32® Antivirus holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET’s NOD32® technology holds the longest consecutive string of the VB100 awards of any other AV vendor. ESET has received a number of accolades from AV-Comparatives, AV-TEST and other organizations. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET® has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries.