
Fantom ransomware hides behind phony Windows update to infect your computer

There’s yet another new type of ransomware out there. Fantom is a new strain that disguises itself as an important Windows update.

Ransomware encrypts a victim’s files and holds them ransom for a fee, and cybercriminals are getting savvier at tricking people into clicking malicious links and downloading the malware.

Fantom was discovered by Jakub Kroustek, a security researcher at AVG. He found that the culprits had actually gone to great lengths to disguise their work. The malicious file’s properties list details like Microsoft’s copyright and trademark information to make it appear legitimate.

Once you have downloaded this file, your computer will execute another file called WindowsUpdate.exe, which once again looks relatively harmless to anyone downloading an update. Kroustek shared some screengrabs of the ransomware in action on Twitter, which included a very legitimate-looking “Configuring critical Windows Update” screen with the download update counter.
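The properties Fantom fakes are plain version-info strings that any author can set, whereas a valid Authenticode signature cannot be copied the same way. The following PowerShell check is an added example, not code from the article or from the researchers it cites: it flags executables whose metadata claims Microsoft but which carry no valid signature from a Microsoft signer. The function name, the Downloads folder default and the `O=Microsoft Corporation` subject match are assumptions made for illustration.

```powershell
# Added example: compare what a file claims in its version info with what
# its Authenticode signature proves. Function name is hypothetical.
function Test-ClaimedMicrosoftBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        # Version-info strings are attacker-controlled resource data.
        $info   = (Get-Item -LiteralPath $Path).VersionInfo
        $claims = @($info.CompanyName, $info.LegalCopyright, $info.LegalTrademarks) -join ' '
        $claimsMicrosoft = $claims -match 'Microsoft'

        # The signature is verified against the machine's trust store.
        $sig    = Get-AuthenticodeSignature -LiteralPath $Path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Assumption: a genuine Microsoft binary has a Valid signature whose
        # signer subject contains "O=Microsoft Corporation".
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($signer -match 'O=Microsoft Corporation')

        [pscustomobject]@{
            Path            = $Path
            ClaimsMicrosoft = $claimsMicrosoft
            SignatureStatus = $sig.Status
            Signer          = $signer
            Suspicious      = $claimsMicrosoft -and -not $signedByMicrosoft
        }
    }
}

# Scan the current user's Downloads folder (assumed location) and list
# only files whose Microsoft claim is not backed by a signature.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File -ErrorAction SilentlyContinue |
    Test-ClaimedMicrosoftBinary |
    Where-Object Suspicious |
    Format-Table Path, SignatureStatus, Signer -AutoSize
```

A hit is a reason to quarantine and inspect the file, not proof of ransomware; unsigned third-party tools that mention Microsoft in their copyright text will also be listed.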

Unfortunately, while this screen is displayed, all of the user’s files are being encrypted. You can cancel the update screen by hitting Ctrl+F4, but this does not appear to stop the encryption process. Eventually, you will be greeted with the message below.


The note doesn’t list any fee but encourages the victim to email for further instructions. It warns that all files will be destroyed if the victim doesn’t respond within a week, and that trying to retrieve the files without the attackers’ help will permanently destroy the data as well.

The ransomware itself appears to be quite similar to others. It’s based on EDA2, the code commonly used in many different ransomware attacks, and encrypts files with AES-128 encryption. But right now there’s no decryption key available for Fantom.

There’s no sign of where exactly this new ransomware and infection tactic has come from, but according to Bleeping Computer, the very poor English in the ransom note suggests it’s not originating from a native speaker. Researchers and hackers have tried to pin down possible sources of ransomware by picking apart the language and terminology used in the text, with many putting the blame on Russian-speaking hackers.

As far as Fantom goes, one of its infection notices lists an email address from Russian provider Yandex but also a Techemail address, which is provided by California’s, so it’s not possible to attribute Fantom to anyone at this point.


Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…