Apple pushes silent update to XProtect against Findzip or Filecoder.E

Early today, Apple pushed out another update to the XProtect data for Sierra and El Capitan systems.

This adds protection against OSX.Findzip.A, and brings those data to version 1.0 2089.

FindZip, also known as Filecoder.E, is new file-encrypting ransomware which has apparently been written in Swift and contains numerous programming errors. Perhaps its most serious problems are that it is not signed, which makes it harder to install and more noticeable, and that payment of the ransom does not result in file recovery, according to ESET, who apparently discovered the malware.

This malware poses as a ‘patcher’ app for Adobe Premiere Pro CC 2017 or Office 2016, or possibly other commercial apps, and is being distributed via torrents. Apple’s update is a remarkably quick response to this emerging threat, which was only reported yesterday, 22 February.

If you are concerned about obtaining more general protection from ransomware, I strongly recommend Objective-See’s RansomWhere?, which monitors your file system for background file encryption activity.