Ramblings of an old Doc
Claims to be a critical
Published on August 26, 2016 By DrJBHL In Personal Computing

 

There's a new twist in the ransomware game. Some (presumably) Russian cyber criminals have found a new way to deliver 'the goods': ransomware named "Fantom". It comes disguised as a “Windows Update”, complete with a fake Windows Update screen pretending to be performing a “critical update”. This is the 'a.exe' file included with the encrypter, called 'WindowsUpdate.exe'. It even has a 'percent installed' meter and a warning not to turn off the computer during the update.

 

Needless to say, all it's doing is encrypting your files and you'll have to pay to 'decrypt' them.

 

The encryption occurs while the 'Configuring Update' screen is displayed. The malware generates a random AES-128 key, which is uploaded to the criminals' Command and Control Server.

 

Finally it opens an html file (in pretty poor English) informing you that you are screwed, and offers to decrypt 2 small files as proof they are on the level. They also mention that you have one week to pay or your key will be destroyed.

 

So… back up your data, and let the genuine Windows Update do its thing. MS will NEVER put updates out on the net to download.

 

Source:

 

https://malwaretips.com/threads/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update.62764/

 

http://www.neowin.net/news/fantom-ransomware-pretends-to-be-windows-update-while-it-encrypts-your-files


Comments
on Aug 26, 2016


Finally it opens an html file (in pretty poor English) informing you that you are screwed, and offers to decrypt 2 small files as proof they are on the level. They also mention that you have one week to pay or your key will be destroyed.

 

Whenever I'm being screwed I always want it done in 'pretty poor English'...

...but then I'm just weird...

on Aug 26, 2016


Whenever I'm being screwed I always want it done in 'pretty poor English'...

 

I'm sure. Very interesting... while writing the OP, I was weighing whether to add, "This time, with their poor grammar, the poor sods have chosen to screw with the wrong person...".

Any guesses as to his identity?

on Aug 26, 2016

Zubaz..............

You been Zubished!

on Aug 31, 2016



...

Whenever I'm being screwed I always want it done in 'pretty poor English'...
...

Actually, I prefer proper, standard English when I'm being screwed. I have class...

on Aug 31, 2016

My brother has class, but I haven't been to school in years.

 

Why would anyone, even someone over-educated, download windows updates off the internet?

on Aug 31, 2016

My question is: when my computer says important updates in the lower right corner, does that mean I should never answer them?

on Aug 31, 2016

psychoak

My brother has class, but I haven't been to school in years.

 

Why would anyone, even someone over-educated, download windows updates off the internet?

 

ummm, isn't the connection most users have with the MS servers via the internet?  

on Aug 31, 2016

admiralWillyWilber

My question is: when my computer says important updates in the lower right corner, does that mean I should never answer them?

Just what is giving you that notification? Are you on W7 or W10? Is it Windows Update or some other app?