
New Fantom Ransomware Masquerades as Critical Windows Update

Security company AVG has just found a new ransomware strain that it names "Fantom." The malware pretends to be a critical Windows update. Windows users who believe the update is genuine will see a screen that supposedly shows the update loading. In reality, all of the user's files and documents are being encrypted.

Fantom is based on EDA2, an open-source ransomware project, and the only way to unlock the encrypted files is through the culprit himself. An experienced computer user may recognize that the ransomware is attempting something malicious, but someone less experienced can easily be tripped up by the ruse.

Until recently, flaws in EDA2 let security investigators acquire the decryption code by downloading it from Fantom's command-and-control infrastructure. According to Bleeping Computer's analysis, those flaws have now disappeared, implying that a Fantom coder must have discovered and fixed them.

To begin with, the scam shows a pop-up marked "critical update" that appears to come from Microsoft. If the user runs the bogus update, files are extracted and an embedded program is executed under the name WindowsUpdate.exe. Windows then appears to run updates, showing a percentage countdown along with a warning that the PC shouldn't be turned off. When the installation is complete, the user is prompted to press Ctrl+F4 to shut down the screen. However, the ransomware goes on encrypting the victim's files. Hothardware.com posted this on August 26, 2016.

As with other EDA2-based ransomware, Fantom generates an AES-128 key, encrypts it using RSA, and uploads it to the scammer. Fantom targets specific file extensions and locks those files using AES-128 encryption. The locked files are given the .fantom extension, and a ransom message is added to every folder in which a file is encrypted.

The ransom messages are TXT/HTML files. Fantom also changes the user's desktop to a customized screenshot containing the contact details. Finally, Fantom removes itself by executing two batch scripts that erase all of the malware's installation files.
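The on-disk traces described above (the .fantom extension, a TXT/HTML note in every affected folder, and a program named WindowsUpdate.exe) can be checked for during triage. The following is an added example, not code from the article or from any vendor: the function names, the sample tree and the "same note name in every affected folder" heuristic are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".fantom"            # extension the article reports
NOTE_EXTS = {".txt", ".html"}        # ransom note formats the article reports
DROPPER_NAME = "windowsupdate.exe"   # embedded program name the article reports


def triage(root):
    """Walk root; report folders holding .fantom files, dropper copies, likely notes."""
    encrypted_dirs, dropper_paths, note_names = {}, [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        dropper_paths += [os.path.join(dirpath, f) for f in files
                          if f.lower() == DROPPER_NAME]
        locked = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        if not locked:
            continue
        encrypted_dirs[dirpath] = len(locked)
        # Count each TXT/HTML name once per affected folder.
        note_names.update({f.lower() for f in files
                           if os.path.splitext(f)[1].lower() in NOTE_EXTS})
    # Heuristic (assumption): a note is dropped in every affected folder, so a
    # name present in all of them (with at least two folders hit) is a candidate.
    hits = len(encrypted_dirs)
    notes = sorted(n for n, c in note_names.items() if hits > 1 and c == hits)
    return {"encrypted_dirs": encrypted_dirs, "dropper_paths": sorted(dropper_paths),
            "note_candidates": notes}


def build_sample(root):
    """Constructed sample tree; file names other than the indicators are made up."""
    layout = {
        "docs": ["report.docx.fantom", "NOTE_PLACEHOLDER.html", "todo.txt"],
        "pics": ["cat.jpg.fantom", "dog.png.fantom", "NOTE_PLACEHOLDER.html"],
        "clean": ["readme.txt"],
        "tmp": ["WindowsUpdate.exe"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A legitimate file can share the WindowsUpdate.exe name, so a hit is a lead to examine rather than a verdict.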

» SPAMfighter News - 9/1/2016
