Skip to main content
invest in estonia


How Estonia’s foreign investor Malwarebytes crushes cyber threats and restores confidence

Infections have held Fernando Francisco on the edge for the past 20 years. Not the kind of infections that have been keeping the whole world anxious this year, rather the infections caused by cyberthreats.

Francisco is the Vice President of the American cybersecurity firm Malwarebytes. He heads the company office in Tallinn and is responsible for the corporate development and strategy of the company. The company has offices in Silicon Valley, Florida, Ireland among other places, but they established themselves in Estonia back in 2016.

Since then, Francisco has lived in Tallinn, the capital of Estonia, and has enjoyed both his personal and professional time in the medieval yet modern city. In an interview with Life in Estonia, Francisco talked about why the company decided to open an office in Tallinn, whether it was a good decision, what effect the pandemic has had on cyber threats, and what the most common cyberthreats are at the moment.

Malwarebytes disrupted the thinking of how an antivirus should work

Fernando Francisco was born in Portugal and completed parts of his studies in Finland where he also laid the foundation for his professional career. Prior to joining Malwarebytes in 2011, he had worked for other cybersecurity companies, such as F-Secure and Lavasoft.

When Malwarebytes was founded, the most well-known competitors were McAfee and Symantec. Although Francisco was not at Malwarebytes when it was first founded, he knows the mission behind creating it – everyone has a fundamental right for a malware-free existence.

The competitors’ products were failing to protect the user and Malwarebytes decided to develop technologies to disrupt the way people thought an antivirus should work. Compared to other antivirus software, Malwarebytes doesn’t rely on samples from malware to remove them from a user’s devices. Nowadays, Malwarebytes offers many different products against different types of cyber-threats. The client-base is split roughly 50-50 between corporate and consumers.

“The largest implementation that Malwarebyte’s products run on consists of +500 000 computers. Without disclosing any names, I can say we have a wide range of customers from around the world in all sizes and industries. The companies come to us because we shine in our remediation technology. You can run Malwarebytes alone but you can also couple it with any other product. Even when using some other antivirus vendors, you still want to use Malwarebytes for the peace of mind,” said Francisco.

Malwarebytes sees that the simplest, most effective cyberattack to deploy, is a phishing attack. Phishing is a type of social engineering attack often used to steal usernames, passwords and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message and the victim opens an attached file or clicks on a link that is infected with malware.

Ransomware attacks are the second-most popular attacks at the moment. These might start off like a phishing attack, the attacker tries to masquerade themselves as a trusted entity and, when they are successful, use special software to encrypt the victim’s files. To decrypt the files the attacker asks for a sum of money, normally in the form of a cryptocurrency, to make it harder to identify the attacker afterwards.

There have been many ransomware attacks in recent years that got big press coverage. The latest was a ransomware attack targeting the American technology company Garmin. Just days before the attack, Malwarebytes was the first cybersecurity company to bring attention to WastedLocker, the malware used during the attack. Francisco could neither confirm nor deny that Malwarebytes and Garmin had any business relations, nor did the latter ask for any help to get rid of the malware during the attack. The attack ended with Garmin reportedly paying a multimillion dollar ransom to the attackers. Something anyone in the field of security advises against.

Office in Tallinn attracts talent from neighbouring countries

Malwarebytes has offices around the world but the main office is located in Silicon Valley. Back in 2016, they opened an office in Tallinn, Estonia because in Silicon Valley it became increasingly difficult to hire talent.

“In Silicon Valley, you are competing with Google, Facebook, Apple and everyone else. It became so expensive to hire talent. If you are not paying high wages, you don’t get the best talent in Silicon Valley. The reason we expanded is because we could attract more talent to Tallinn. There is local talent here and talent from neighbouring countries such as Russia, Poland and Ukraine. Estonia makes it attractive and easy to relocate people. There were a number of factors combined for why we expanded to Tallinn,” said Francisco.
To expand their business, Malwarebytes used a service called Work in Estonia provided by Enterprise Estonia (EAS). Work in Estonia is run by a team of people at EAS that help in the process of hiring foreign talent for Estonian companies. EAS has produced a step-by-step guide for foreign recruitment and an online portal at, which provides a thorough overview for foreign specialists on matters concerning relocating to Estonia. Malwarebytes confirms that the Work in Estonia service helped them in many respects. It has been a win-win solution for Malwarebytes and Estonia in general.

“Big thanks to the Estonian government and the Work in Estonia service. Before the pandemic, we could relocate a person in just a week. Imagine when you send a job offer from the other side of the world and, in a few weeks, you are already sitting next to your colleagues at the Tallinn office. I think this is excellent. All of this combined made a huge difference for us. Tallinn, like Estonia in general, is a nice and safe place, close to other major cities. Estonia also has a good brand image in the world that our developers and engineers are keen on.”

For the next six months, Malwarebytes is looking to hire around 30 new employees for their Tallinn office. The vice president does not hide the fact that the wages in the Tallinn office are not comparable to those in Silicon Valley, but that has not affected the quality of the talent hired in Tallinn.

Right now, the office in Tallinn houses around 70 employees, mostly consisting of engineers. Almost half of the office consists of Estonian nationals and the other half is comprised of many other nationalities.

Just this past August, Estonia launched a new visa program specifically catering to digital nomads. Right now, Malwarebytes is looking into the program and ascertaining whether it is of any use to them when hiring new talent. The digital nomad visa gives the right to travel to Estonia, stay here as a tourist and continue to work for a foreign company or as a freelancer.

To get the visa, the interested party needs to physically apply for it at an Estonian embassy. As there were many travel restrictions around the world during the first month the visa program opened, Estonia managed to issue only five digital nomad visas. Before the pandemic, the projection was that around 1800 digital nomad visas would be granted yearly.

The pandemic has had an effect on cyberthreats

Recently, Malwarebytes surveyed more than 200 managers, directors and C-suite executives in IT and cybersecurity roles at companies across the US, finding out some concerning trends during the pandemic that affect cybersecurity when working from home.

Key takeaways from the research state that 24% of surveyed companies paid unexpected expenses specifically to address a cybersecurity breach or malware attack following shelter-in-place orders. 20% faced a security breach as a result of a remote worker, 18% admitted that, for their employees, cybersecurity was not a priority, while 5% admitted their employees were a security risk and oblivious to security best practices, and 28% admitted to using personal devices for work-related activities more than their work-issued devices, which could create new opportunities for cyber-attacks.

Francisco sees that during the pandemic there have been more attempts to take advantage of the most volatile people; Malwarebytes has seen that the threat landscape has been more active in the last months.

“There has been a lot of viruses, phishing attempts and other cyberthreats that use the word Covid. For example, emails with messages to click on a link to learn more about COVID-19. There have been many different kinds of threats around the pandemic.”

Luckily for Malwarebytes, during the pandemic their business has been growing due to the fact that people spend more time at home on their devices and computers.

“Thanks to that, their devices are more likely to get infected and they start to Google how to clean up infections and end up with Malwarebytes. We’ve seen a growth in customers and revenue.”

The so-called thematic threats are not something new. According to Francisco, the only new strategy of thematic threats is that they are now exploiting the pandemic, which just is the hot topic at the moment. Normally, Malwarebytes sees an increase in thematic threats during big global events like the Olympic games or the football World Cup.

Wish to know more about cyber security in Estonia? Read more here or send Invest Estonia a request for e-consulting to be assigned a personal advisor who will help you with your business plan in Estonia.

News & events

Need more information?

Need more information?

What is it like to run a business in Estonia? How to benefit from the e-solutions and the efficiency of our business culture? What are the opportunities in specific sectors? Who to partner up with?

The Estonian Investment Agency’s team is happy to help you via its complimentary e-Consulting service, organize online or offline follow-up events such as virtual investment visits and guide you through the fairly simple process of investing in Estonia.

Request e-consulting