Dangerous ransomware arriving as fraudulent Eir bill email

ESET Ireland is warning Irish computer users against opening an attachment to a faked Eir email, as it contains dangerous ransomware, which will lock your files and demand payment to unlock them.

ESET Ireland has come across another dangerous spam email. This one pretends to come from Eir and says:



Clicking the link will download what appears like a zipped file, but is really a heavily obfuscated javascript file, that installs dangerous ransomware that ESET identifies as Win32/Filecoder.NHQ.


The malware will lock files on the victim’s computer, then play a robotic voice recording, saying: “Attention, attention, this is not a test, all your documents, databases and other important files are encrypted and windows cannot restore them without special software. User action is required as soon as possible to recover the files”


ESET Ireland would like to point out that paying the ransom to the cybercriminals does not guarantee getting your files unlocked, or it can result in a repeated infection a while later.

ESET security software identifies and prevents this particular ransomware from executing, keeping the users safe, but everyone is still warned to avoid clicking on any attachments or links in such fraudulent emails, instead marking them as spam and deleting them.

by Ciaran McHale and Urban Schrott, ESET Ireland

2 thoughts on “Dangerous ransomware arriving as fraudulent Eir bill email

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s