Fantom ransomware hides behind phony Windows update to infect your computer

mongodb database ransom rusty padlock
Garretttaggs /Wikimedia Commons
There’s yet another new type of ransomware out there. Fantom is a new form of the malicious virus that disguises itself as an important Windows update.

Ransomware encrypts a victim’s files and holds them ransom for a fee — and cybercriminals are getting savvier in tricking people into clicking malicious links and downloading the virus.

Fantom was discovered by Jakub Kroustek, a security researcher at AVG. He found that the culprits had actually gone to great lengths to disguise their work. The malicious file’s properties list details like Microsoft’s copyright and trademark information to make it appear legitimate.

Once you have downloaded this file, your computer will execute another file called WindowsUpdate.exe, which once again looks relatively harmless to anyone downloading an update. Kroustek shared some screengrabs of the ransomware in action on Twitter, which included a very legitimate-looking “Configuring critical Windows Update” screen with the download update counter.

Unfortunately, what’s happening during this time is that all the users’ files are being encrypted. You can cancel the update screen by hitting Ctrl+F4 but this does not appear to negate the encryption process. Eventually, you will be greeted with the message below.

Fantom_Ransomware

The note doesn’t list any fee but encourages the victim to email for further instructions. It warns the user that all files will be destroyed if they don’t respond within a week, and that trying to retrieve your files on your own will permanently destroy the data as well.

The ransomware itself appears to be quite similar to others. It’s based on EDA2, the code commonly used in many different ransomware attacks, and encrypts files with AES-128 encryption. But right now there’s no decryption key available for Fantom.

There’s no sign of where exactly this new ransomware and infection tactic has come from, but according to Bleeping Computer, the very poor English in the ransom note suggests it’s not originating from a native speaker. Researchers and hackers have tried to pin down possible sources of ransomware by picking apart the language and terminology used in the text, with many putting the blame on Russian-speaking hackers.

As far as Fantom goes, one of its infection notices lists an email address from Russian provider Yandex but also a Techemail address, which is provided by California’s Everyone.net, so it’s not possible to attribute Fantom to anyone at this point.

Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.
Gaming

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though, our guide will help you isolate the issue at hand and solve it in a timely manner.
Computing

Change your mouse cursor in Windows with these quick tips

The standard mouse cursor is boring, so change it! With this guide on how to change your mouse cursor in Windows, you can choose to use one of Microsoft's pre-installed cursors or download something a bit more extravagant.
Computing

You could be gaming on AMD’s Navi graphics card before the end of the summer

If you're waiting for a new graphics card from AMD that doesn't cost $700, you may have to wait for Navi. But that card may not be far away, with new rumors suggesting we could see a July launch.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

With a reported launch in 2019, AMD is focusing on the mid-range market with its next-generation Navi GPU. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Computing

Cortana wants to be friends with Alexa and Google Assistant

Microsoft no longer wants to compete against Amazon's Alexa and Google's Assistant in the digital assistant space. Instead, it wants to transform Cortana into a skill that can be integrated into other digital assistants.
Computing

Microsoft leans on A.I. to resume safe delivery of Windows 10 Update

Microsoft is leaning on artificial intelligence as it resumes the automatic rollout of the Windows 10 October 2018 Update. You should start seeing the update soon now that Microsoft has resolved problems with the initial software.
Computing

Stop dragging windows on your Mac. Here's how to use Split View to multitask

The latest iterations of MacOS offer a native Split View feature that can automatically divide screen space between two applications. Here's how to use Split View on a Mac, adjust it as needed, and how it can help out.
Computing

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.
Computing

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.
Computing

What is fixed wireless 5G? Here’s everything you need to know

Here's fixed wireless 5G explained! Learn what you need to know about this effective new wireless technology, when it's available, how much it costs, and more. If you're thinking about 5G, this guide can help!
Emerging Tech

Awesome Tech You Can’t Buy Yet: camera with A.I. director, robot arm assistant

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Fix those internet dead zones by turning an old router into a Wi-Fi repeater

Is there a Wi-Fi dead zone in your home or office? A Wi-Fi repeater can help. Don't buy a new one, though. Here is how to extend Wi-Fi range with another router you have lying around.