Fantom ransomware hides behind a feigned Windows Update to encrypt victim’s files

A new variant of ransomware has been detected, and this one seems to be using advanced techniques to delude the computer user. Fantom ransomware virus is based on EDA2 ransomware code, and it hardly differs from any other crypto-ransomware variant. However, while other similar viruses just silently encrypt files without using any concealment techniques, Fantom virus executes a program named WindowsUpdate.exe, which displays bogus Windows Update screen. Therefore, while the victim thinks that critical updates are being installed on the system to make it more secure, in reality, there is malicious activity going on. The virus scans the entire system for targeted files and encrypts them, then adds .fantom file extension to each encrypted record.

Once Fantom virus completes the encryption process, it removes its executable files, creates a ransom note – DECRYPT_YOUR_FILES.HTML and saves copies of it in every folder that holds encrypted data, and changes the desktop wallpaper. The desktop wallpaper is just an image displaying a particular message, informing the victim that files have been encrypted and that the user needs to pay for the decryption service to restore encrypted files. However, it seems that the author of this ransomware is not a native English speaker, since the ransom note, as well as the message left on the new wallpaper, is full of grammar mistakes. The cyber criminal commands to email either fantomd12(@)yandex.ru or fantom12(@)techemail.com for information on how to decrypt data.

The aim of ransomware authors is to scare the victim by taking personal files hostage. They seek to convince the victim to pay the ransom; however, you should not even think about it. It is very unlikely that cybercriminals care about the victims or are willing to waste time helping them to restore encrypted files, even if the victim has paid the ransom. Beware because the decryption software that they suggest might bring additional malware to your computer and cause even more problems. One thing is clear – ransomware developers are not going to run out of creative ideas anytime soon, and since it is nearly impossible to recover files after such virus attacks the system, we strongly advise computer users to take preventative steps and protect their computers, as well as data stored on them in advance. See this article for tips on how to protect the computer from ransomware attack.