Fantom Ransomware Pretends to be Windows Update



One of the most common ways that black hats infect computers is by making malware look legitimate. To the untrained eye, this could mean a professional-looking bank email, a free software download, or even an operating system update. The latter strategy is what is being employed to convince users to download Fantom, a new strain of ransomware. Uncovered by AVG security researcher Jakub Kroustek, Fantom disguises itself as a "critical update" file that carries a fake Microsoft copyright string in its file properties; a copyright string is not a digital signature, and anyone can put one in an executable.

According to the AVG report, the ransomware targets “Intel 386 or later processors and compatible processors,” and functions under the file names:

“af4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.binFantom.exe”

“f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.exe”

“f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.bin”

“7d80230df68ccba871815d68f016c282.viruscriticalupdate01.exe”

Once executed, the ransomware launches WindowsUpdate.exe, a decoy program that displays a fake update-in-progress screen. Meanwhile, the files on your computer are encrypted with AES-128. WindowsUpdate.exe does not let you switch to any other program, effectively locking your screen the moment you run the ransomware. Once the encryption finishes, according to InformationWeek's Kelly Sheridan, "Fantom victims will see a ransom note… Decrypt_Your_Files.HTML. The note will include the user's ID key and directions for how to email the cybercriminals with payment."
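The indicators above (the ransom note name, the decoy WindowsUpdate.exe, and the hash-named sample files listed earlier) are enough for a quick host triage. The script below is an added example written for this page, not code from AVG, InformationWeek or the ransomware itself. It assumes two heuristics that the article does not state: that a process called WindowsUpdate.exe running from outside C:\Windows is the decoy, and that an executable whose name begins with a bare MD5 or SHA-256 hex string in a user folder is a dropped sample. The sample paths and process list are constructed for the demonstration, not real telemetry.

```python
"""Host triage for the Fantom indicators named in the article.

Added example; not code from AVG, InformationWeek or the malware authors.
Indicators from the article: ransom note Decrypt_Your_Files.HTML, the decoy
WindowsUpdate.exe, and sample files named after their MD5/SHA-256 hashes.
Assumptions (not from the article): WindowsUpdate.exe outside C:\\Windows is
the decoy; a hex-only basename of hash length ending in .exe/.bin is a sample.
"""
import os
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List

RANSOM_NOTE = "Decrypt_Your_Files.HTML"   # named in the article
DECOY_BINARY = "WindowsUpdate.exe"        # named in the article
SYSTEM_ROOT = r"C:\Windows"               # assumption: where real Windows binaries live
HASH_NAME = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{64})$")  # MD5 / SHA-256 hex


@dataclass(frozen=True)
class Process:
    pid: int
    name: str
    image_path: str


@dataclass(frozen=True)
class Finding:
    kind: str      # "ransom_note", "decoy_process" or "hash_named_binary"
    detail: str


def _is_under(path: str, root: str) -> bool:
    """Case-insensitive 'path lies inside root' test on Windows-style paths."""
    p = str(PureWindowsPath(path)).lower()
    r = str(PureWindowsPath(root)).lower().rstrip("\\") + "\\"
    return p.startswith(r)


def find_ransom_notes(paths: Iterable[str]) -> List[Finding]:
    """Every copy of the ransom note present in the supplied file list."""
    return [Finding("ransom_note", p) for p in paths
            if PureWindowsPath(p).name.lower() == RANSOM_NOTE.lower()]


def find_decoy_processes(processes: Iterable[Process]) -> List[Finding]:
    """WindowsUpdate.exe running from outside the Windows directory (assumed decoy)."""
    return [Finding("decoy_process", f"pid {p.pid} {p.image_path}")
            for p in processes
            if p.name.lower() == DECOY_BINARY.lower()
            and not _is_under(p.image_path, SYSTEM_ROOT)]


def find_hash_named_binaries(paths: Iterable[str]) -> List[Finding]:
    """Executables whose basename starts with a bare hash, like the article's samples."""
    out = []
    for p in paths:
        name = PureWindowsPath(p).name.lower()
        first, _, rest = name.partition(".")
        if HASH_NAME.match(first) and rest.endswith(("exe", "bin")):
            out.append(Finding("hash_named_binary", p))
    return out


def triage(paths: Iterable[str], processes: Iterable[Process]) -> List[Finding]:
    """Run all three checks and return the combined findings."""
    paths = list(paths)
    return (find_ransom_notes(paths)
            + find_decoy_processes(processes)
            + find_hash_named_binaries(paths))


def scan_tree(root: str) -> List[Finding]:
    """Walk a real directory tree and run the file-based checks only."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return triage(paths, [])


# Constructed sample input for the demonstration (not real telemetry).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\Decrypt_Your_Files.HTML",
    r"C:\Users\alice\Pictures\Decrypt_Your_Files.HTML",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Downloads\f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b.exe",
    r"C:\Users\alice\Downloads\7d80230df68ccba871815d68f016c282.viruscriticalupdate01.exe",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_PROCESSES = [
    Process(412, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Process(3320, "WindowsUpdate.exe", r"C:\Users\alice\AppData\Local\Temp\WindowsUpdate.exe"),
    Process(3324, "explorer.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_PATHS, SAMPLE_PROCESSES):
        print(f"{f.kind:18} {f.detail}")
```

Run it as-is to see the constructed findings, or call scan_tree() on a mounted victim drive to look for ransom notes and hash-named droppers; the process check needs a process listing collected separately, since the lock screen prevents interactive use on the infected machine itself.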

As of now there is no way to decrypt the files on your machine once Fantom's payload has been activated; tested offline backups are the only reliable way to get them back. Prevention therefore comes down to careful decision making at the keyboard: Windows updates arrive through Windows Update itself, not as an executable you download and run. Microsoft echoed this sentiment in a statement released about the Fantom ransomware. In the statement, a Microsoft spokesperson encourages "customers to practice good computing habits online, including exercising caution when clicking on links to Web pages, opening unknown files, or accepting file transfers."

In many ways, ransomware, especially of this kind, is a form of social-engineering attack. To better protect yourself against being tricked into downloading malware like Fantom, I encourage you to read more about how social engineers operate. The best way to prevent a catastrophic cyber attack is to understand the tactics cyber criminals use.
