Skip to main content
  1. Home
  2. Computing
  3. News

Fantom ransomware hides behind phony Windows update to infect your computer

By

mongodb database ransom rusty padlock
Garretttaggs /Wikimedia Commons
There’s yet another new type of ransomware out there. Fantom is a new form of the malicious virus that disguises itself as an important Windows update.

Ransomware encrypts a victim’s files and holds them ransom for a fee — and cybercriminals are getting savvier in tricking people into clicking malicious links and downloading the virus.

Recommended Videos

Fantom was discovered by Jakub Kroustek, a security researcher at AVG. He found that the culprits had actually gone to great lengths to disguise their work. The malicious file’s properties list details like Microsoft’s copyright and trademark information to make it appear legitimate.

Related

Once you have downloaded this file, your computer will execute another file called WindowsUpdate.exe, which once again looks relatively harmless to anyone downloading an update. Kroustek shared some screengrabs of the ransomware in action on Twitter, which included a very legitimate-looking “Configuring critical Windows Update” screen with the download update counter.

Unfortunately, what’s happening during this time is that all the users’ files are being encrypted. You can cancel the update screen by hitting Ctrl+F4 but this does not appear to negate the encryption process. Eventually, you will be greeted with the message below.

Fantom_Ransomware
Image used with permission by copyright holder

The note doesn’t list any fee but encourages the victim to email for further instructions. It warns the user that all files will be destroyed if they don’t respond within a week, and that trying to retrieve your files on your own will permanently destroy the data as well.

The ransomware itself appears to be quite similar to others. It’s based on EDA2, the code commonly used in many different ransomware attacks, and encrypts files with AES-128 encryption. But right now there’s no decryption key available for Fantom.

There’s no sign of where exactly this new ransomware and infection tactic has come from, but according to Bleeping Computer, the very poor English in the ransom note suggests it’s not originating from a native speaker. Researchers and hackers have tried to pin down possible sources of ransomware by picking apart the language and terminology used in the text, with many putting the blame on Russian-speaking hackers.

As far as Fantom goes, one of its infection notices lists an email address from Russian provider Yandex but also a Techemail address, which is provided by California’s Everyone.net, so it’s not possible to attribute Fantom to anyone at this point.

Editors' Recommendations

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Surprise: Windows 11 is doing much better than we thought
Person using Windows 11 laptop on their lap by the window.

What appears to have been a slow burn in OS adoption for Windows 11 might actually be a very promising transition to Microsoft's current system.

The Windows 11 operating system is now actively running on over 400 million devices and is on track to hit half a billion installs by early 2024, according to a report from Windows Central.

Read more
Windows 11 adoption is slowing, and we finally know why
Surface Laptop Studio 2 sitting on a table.

In the consumer space, Windows 11 adoption has been ticking along at a reasonable pace. For businesses, however, the OS may have reached its limit, as businesses struggle to upgrade machines to meet the minimum requirements.

IT asset management group Lansweeper has observed that the adoption of Windows 11 now stands at 8.35% as of October 2023, a slight jump from the 5.74% seen in September 2022. However, having conducted research on approximately 33 million Windows devices in the enterprise sector, Lansweeper has concluded that it is largely device incompatibility that is stalling Windows 11 updates on a grand scale.

Read more
If you have an AMD GPU, stay away from the latest Windows Update
Two AMD Radeon RX 7000 graphics cards on a pink surface.

A quick PSA: If you own one of AMD's best graphics cards and you like to tweak the settings, now is not a good time to download the latest Windows Update. According to users on the AMD forums, the KB5030310 update really doesn't agree with AMD's Adrenalin Control Panel. While it's not the end of the world, this isn't the first Windows update in the last few months that has caused problems.

It appears that every time people restart their PCs, their Adrenalin settings are all reset back to default. This means that any changes made to things like AMD's Anti-Lag or Hyper RX will disappear upon every boot. Fortunately, the graphics driver itself is unaffected.

Read more