Fantom: Ransomware Disguised as Windows Update

 

Malware depends on trickery to get into your computer and do its dirty work. A recently discovered ransomware program called Fantom is one of the sneakiest, pretending to be a Windows update.

Ransomware encrypts files on your computer in bulk, making them useless, and then demands payment for a decryption key. Fantom follows this pattern, demanding a "reward" in badly written English when it's done. While it's wrecking your files, it presents a Windows update screen that warns you: "Do not turn off your computer." This helps it to buy time to complete the damage. The executable file adds to the pretence by displaying fake Microsoft trademark and copyright information in its file properties.
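File properties are only text that whoever built the executable chose to put there, so they are worth checking against the file's digital signature. The PowerShell script below is an added example, not taken from the original article or from any analysis of Fantom: it lists executables whose properties mention Microsoft but which lack a valid Authenticode signature from Microsoft. The scan folder and the signer-subject match are assumptions to adjust for your environment.

```powershell
# Added example: find executables that claim to be from Microsoft in their
# file properties but are not validly signed by Microsoft.
# $ScanPath is an assumed default; point it at the folders you want to audit.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads"
)

Get-ChildItem -Path $ScanPath -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $info = $_.VersionInfo

        # Company, copyright and trademark strings live in the version resource,
        # which anyone can fill in at build time. They prove nothing by themselves.
        $claimsMicrosoft = ($info.CompanyName     -match 'Microsoft') -or
                           ($info.LegalCopyright  -match 'Microsoft') -or
                           ($info.LegalTrademarks -match 'Microsoft')
        if (-not $claimsMicrosoft) { return }   # skip files that make no such claim

        # The Authenticode signature is what Windows can actually verify.
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Assumption: genuine Microsoft binaries have a signature that validates
        # and a signer subject containing "O=Microsoft Corporation".
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($signer -match 'O=Microsoft Corporation')

        if (-not $signedByMicrosoft) {
            [pscustomobject]@{
                Path            = $_.FullName
                ClaimedCompany  = $info.CompanyName
                ClaimedCopyright = $info.LegalCopyright
                SignatureStatus = $sig.Status
                Signer          = $signer
            }
        }
    } |
    Format-List
```

Any file this reports deserves a closer look before it is run; the result is a mismatch to investigate, not a verdict that the file is malicious.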

Closing the screen with ctrl-F4 will take down the update display but won't stop the encryption.

It's not clear how Fantom gets onto people's computers. It seems to use the Windows update trick only after it's started running. No one has mentioned any cues to tell its display from a legitimate Windows update.

It uses a strong encryption method, and there's no way to decrypt the files it mangles. There's no guarantee you'll get your files back even if you pay the crooks, and paying them will help finance their operation. The best defences against it are the usual ones:

  • Treat any email you get from unfamiliar sources with suspicion. Don't open attachments or links that they include.
  • Keep up-to-date security software on your computer. It will block many kinds of malware and detect suspicious activity, such as mass replacement of files.
  • Keep a frequently updated offsite backup. Ransomware will go after attached backup drives as well as the main drive of a computer.

Ransomware has become the #1 malware threat on the Internet. It's important to stay on guard against it.

Mirus IT's support services & solutions will keep your systems up and running and safe. Please contact us for more information.

We've also released a new E-Book 'The Business Guide to Ransomware' which you may be interested in downloading. You can download it here: http://www.mirus-it.co.uk/business-guide-ransomware