
Fantom ransomware hides behind phony Windows update to infect your computer

[Image: rusty padlock. Credit: Garretttaggs / Wikimedia Commons]
There’s yet another new type of ransomware out there. Fantom is a new strain of malware that disguises itself as an important Windows update.

Ransomware encrypts a victim’s files and holds them ransom for a fee — and cybercriminals are getting savvier in tricking people into clicking malicious links and downloading the virus.

Fantom was discovered by Jakub Kroustek, a security researcher at AVG. He found that the culprits had actually gone to great lengths to disguise their work. The malicious file’s properties list details like Microsoft’s copyright and trademark information to make it appear legitimate.

Once you have downloaded this file, your computer will execute another file called WindowsUpdate.exe, which once again looks relatively harmless to anyone downloading an update. Kroustek shared some screengrabs of the ransomware in action on Twitter, which included a very legitimate-looking “Configuring critical Windows Update” screen with the download update counter.

Unfortunately, what’s actually happening during this time is that all of the user’s files are being encrypted. You can dismiss the update screen by hitting Ctrl+F4, but this does not appear to stop the encryption process. Eventually, you will be greeted with the message below.
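The lure described above rests on two things: version-info properties that claim Microsoft authorship, and a file name (WindowsUpdate.exe) that looks like part of the OS. Neither is a signature, and a real Microsoft binary is Authenticode-signed by Microsoft. The following PowerShell script is an added example, not code from the article or from the researcher it cites; it walks a directory, picks out executables whose version info claims Microsoft or Windows, and reports any that are not validly signed by a Microsoft certificate. The function name, the `$Path` parameter, the regex heuristics and the choice of the Downloads folder as the scan root are all my own assumptions.

```powershell
# Added example (not from the article): flag executables whose version-info
# properties claim Microsoft authorship but that carry no valid Microsoft
# Authenticode signature. The heuristics below are illustrative assumptions,
# not a vendor detection rule.

function Find-MicrosoftImpersonators {
    [CmdletBinding()]
    param(
        # Directory to scan recursively (assumed parameter name).
        [Parameter(Mandatory)]
        [string]$Path
    )

    Get-ChildItem -Path $Path -Include *.exe, *.dll -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo

            # Step 1: does the file *claim* to be Microsoft's? These are the
            # properties the article says Fantom fills in to look legitimate.
            $claimsMicrosoft = ($vi.CompanyName    -match 'Microsoft') -or
                               ($vi.LegalCopyright -match 'Microsoft') -or
                               ($vi.ProductName    -match 'Windows')
            if (-not $claimsMicrosoft) { return }

            # Step 2: is the claim backed by a valid signature whose signer
            # certificate is actually issued to Microsoft Corporation?
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                                 ($null -ne $sig.SignerCertificate) -and
                                 ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

            # Report only the mismatches: "looks like Microsoft" but is not signed as such.
            if (-not $signedByMicrosoft) {
                [PSCustomObject]@{
                    Path            = $_.FullName
                    CompanyName     = $vi.CompanyName
                    ProductName     = $vi.ProductName
                    SignatureStatus = $sig.Status
                    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                }
            }
        }
}

# Usage: scan where a downloaded "update" typically lands (assumed location).
Find-MicrosoftImpersonators -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Scoping the scan to download and temp locations keeps the output meaningful; pointing it at Windows system directories can produce noise from binaries the OS validates through catalog files rather than embedded signatures. A `NotSigned` or `HashMismatch` status on a file that calls itself a Windows update is exactly the mismatch worth investigating before it is ever run.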

[Image: the Fantom ransom note. Image used with permission by copyright holder]

The note doesn’t list any fee but encourages the victim to email for further instructions. It warns the user that all files will be destroyed if they don’t respond within a week, and that trying to retrieve your files on your own will permanently destroy the data as well.

The ransomware itself appears to be quite similar to others. It’s based on EDA2, the code commonly used in many different ransomware attacks, and encrypts files with AES-128 encryption. But right now there’s no decryption key available for Fantom.

There’s no sign of where exactly this new ransomware and infection tactic has come from, but according to Bleeping Computer, the very poor English in the ransom note suggests it was not written by a native speaker. Researchers and hackers have tried to pin down the possible sources of ransomware by picking apart the language and terminology used in the text, with many putting the blame on Russian-speaking hackers.

As far as Fantom goes, one of its infection notices lists an email address from the Russian provider Yandex, but also a Techemail address, which is provided by California’s Everyone.net, so it’s not possible to attribute Fantom to anyone at this point.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…