A Windows Update screen might hide the Fantom ransomware

For a while now, the Fantom ransomware virus has been attacking computer users and holding their files hostage. The virus tricks users by showing a fake Windows Update screen that indicates the progress of ‘critical’ updates. In reality, the operating system is not updating: the counter shows the progress of the file encryption. The hackers hold the user’s files hostage and demand a ransom. Cyber criminals use more and more aggressive tactics to scare victims and pressure them into paying. The creators of the Fantom virus claim that victims have only one week to pay the ransom; after that, their unique decryption key will be destroyed. Losing all the data might be a huge problem, but there’s no guarantee that the hackers will give back your files.

The Fantom virus uses the strong EDA2 encryption algorithm and adds the .fantom extension to each encrypted file. When the data encryption is over, the virus changes the desktop wallpaper to an unpleasant message informing the user that all the files were encrypted. The virus also leaves a ransom note, ‘DECRYPT_YOUR_FILES.HTML’, in which the hackers explain to users what has happened and what further steps victims should take. Unfortunately, the hackers are not lying to the victims – it’s almost impossible to decrypt the files. But we do not say that you should pay the ransom. Although the hackers promise to give you decryption software, that doesn’t mean they are willing to keep their promise. Moreover, if they do provide you with particular software, it might include additional malware or viruses, so the computer-related problems will continue. Therefore, there’s no need to contact the crooks at the provided e-mail addresses (fantomd12(@)yandex.ru or fantom12(@)techemail.com) and sponsor their illegal business.

Cyber security specialists recommend taking precautions before a ransomware attack occurs. First of all, computer users should regularly back up all their files and store the copies on external devices. Secondly, using anti-malware programs strengthens the computer’s security and reduces the risk of infection. Anti-malware software is also handy when downloading files from file-sharing domains because it protects against malicious files. Thirdly, users should avoid opening suspicious e-mails and, especially, downloading the attachments they carry. The Fantom virus spreads its hazardous file ‘WindowsUpadate.exe’ via malicious e-mail campaigns. Of course, the crooks rename the file to trick users into thinking it is safe and reliable. The majority of developers of ransomware-type viruses use the same method of distribution. So, users should always be careful and take care of their computers’ safety.
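
An added triage example, not part of the original article: it walks a directory tree for the indicators named above (the .fantom extension, the DECRYPT_YOUR_FILES.HTML note and the WindowsUpadate.exe attachment name) and lists the original file names to restore from backup. It assumes the extension is appended to the original file name; `triage` and `build_sample_tree` are illustrative names, and the sample tree is constructed from empty files.

```python
import os
import tempfile
from collections import Counter

# Indicators exactly as named in the article (compared in lower case).
ENCRYPTED_EXT = ".fantom"
RANSOM_NOTE = "decrypt_your_files.html"
DROPPER_NAME = "windowsupadate.exe"  # spelling as given in the article


def triage(root):
    """Walk root and return the Fantom indicators found, case-insensitively."""
    report = {"encrypted": [], "notes": [], "droppers": [], "per_dir": Counter()}
    # onerror lets the walk continue past unreadable directories.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower == DROPPER_NAME:
                report["droppers"].append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(lower) > len(ENCRYPTED_EXT):
                # Assumption: the extension is appended, so stripping it gives
                # the original name to look up in the backup set.
                original = path[: -len(ENCRYPTED_EXT)]
                report["encrypted"].append((path, original))
                report["per_dir"][dirpath] += 1
    return report


def build_sample_tree():
    """Create a constructed sample tree (empty files only) for demonstration."""
    root = tempfile.mkdtemp(prefix="fantom_triage_")
    layout = ["Documents/report.docx.fantom", "Documents/budget.xlsx.FANTOM",
              "Documents/DECRYPT_YOUR_FILES.HTML", "Pictures/cat.jpg",
              "Downloads/WindowsUpadate.exe", "Pictures/.fantom"]
    for rel in layout:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for enc, orig in result["encrypted"]:
        print("restore from backup:", orig, "(encrypted copy:", enc + ")")
    print("ransom notes:", result["notes"])
    print("suspected droppers:", result["droppers"])
```

The per-directory counts in `per_dir` show how far the encryption reached, which helps decide which backup sets to restore first.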

About the author
Olivia Morelli

Malware analyst...
