Fantom: New Ransomware With a Twist

Claims to be a critical

Published on August 26, 2016 By DrJBHL In Personal Computing

There's a new twist in the ransomware game. Some (presumably) Russian cyber criminals have found a new way to deliver 'the goods' named "Fantom". They come disguised as a “Windows Update”, complete with a fake Windows Update screen pretending to be performing a “critical update”. This is the 'a.exe' file included with the encrypter, called 'WindowsUpdate.exe'. It even has a 'percent installed' meter and a warning not to turn off the computer during the update.

Needless to say, all it's doing is encrypting your files and you'll have to pay to 'decrypt' them.

The encryption occurs during the 'Configuring Update' screen, generating a random AES-128 key which is uploaded to the criminals' Command and Control Server.

Finally it opens an html file (in pretty poor English) informing you that you are screwed, and offers to decrypt 2 small files as proof they are on the level. They also mention that you have one week to pay or your key will be destroyed.

So… back up your data, and let the genuine Windows Update do its thing. MS will NEVER put updates out on the net to download.

Source:

https://malwaretips.com/threads/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update.62764/

http://www.neowin.net/news/fantom-ransomware-pretends-to-be-windows-update-while-it-encrypts-your-files

Comments

Jafo

on Aug 26, 2016

Whenever I'm being screwed I always want it done in 'pretty poor English'...

...but then I'm just weird...

DrJBHL

on Aug 26, 2016

Jafo

reply 1

Whenever I'm being screwed I always want it done in 'pretty poor English'...

I'm sure. Very interesting...while writing the OP, I was weighing whether to add, "This time, with their poor grammar, the poor sods have chosen to screw with the wrong person...".

Any guesses as to his identity?

Uvah

on Aug 26, 2016

Zubaz..............

You been Zubished!

ElanaAhova

on Aug 31, 2016

Jafo

reply 1

...

Whenever I'm being screwed I always want it done in 'pretty poor English'...
...

Actually, I perfer proper, standard English when I'm being screwed. I have class...

psychoak

on Aug 31, 2016

My brother has class, but I haven't been to school in years.

Why would anyone, even someone over-educated, download windows updates off the internet?

admiralWillyWilber

on Aug 31, 2016

My question is when my computer says important updates in the lower right corner does that mean I should never answer them.

ElanaAhova

on Aug 31, 2016

psychoak

reply 5

My brother has class, but I haven't been to school in years.

Why would anyone, even someone over-educated, download windows updates off the internet?

ummm, isn't the connection most users have with the MS servers via the internet?

DrJBHL

on Aug 31, 2016

admiralWillyWilber

reply 6

My question is when my computer says important updates in the lower right corner does that mean I should never answer them.

Just what is giving you that notification? Are you on W7 or W10? Is it Windows Update or some other app?

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!