Malware News Fantom Ransomware Encrypts your Files while pretending to be Windows Update

Jack

VIDEO BY @CyberSecurity GrujaRS : Video Review - Fantom Ransomware - Demonstration of attack

A new ransomware called Fantom was discovered by AVG malware researcher Jakub Kroustek that is based on the open-source EDA2 ransomware project. The Fantom Ransomware uses an interesting feature of displaying a fake Windows Update screen that pretends Windows is installing a new critical update. In the background, though, Fantom is secretly encrypting a victim's files without them noticing.


Unfortunately, there is no way to currently decrypt the Fantom Ransomware and the usual methods for getting EDA2-based ransomware keys are not available with this variant. For those who wish to discuss this ransomware or need support, you can use the Fantom Ransomware Help Support Topic.

Fantom disguises itself as a Critical Windows Update
The developers behind the Fantom Ransomware make an extra effort to hide its malicious activity by pretending the program is a critical update for Windows. To add legitimacy, the file properties for the ransomware state that it is from Microsoft and is called critical update.

When executed, the ransomware will extract and execute another embedded program called WindowsUpdate.exe that displays the fake Windows Update screen shown below. This screen overlays all of the active windows and does not allow you to switch to any other open applications.


Read more: Fantom Ransomware Encrypts your Files while pretending to be Windows Update
 

davidp

I'm a bit confused...where are the signature details that usually accompany the file's properties? Have they successfully compromised Microsoft and signed legitimately? Or is this example from a system that predates that mechanism?
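
Added example, not part of the thread or the quoted article: the "from Microsoft" text in a file's properties is a free-text version resource set by whoever built the binary, while an Authenticode signature is cryptographically verified. The PowerShell below lists executables that claim Microsoft in their version resource but do not carry a valid signature from a Microsoft signer. `Find-UnsignedMicrosoftClaim`, the Downloads folder and the `O=Microsoft Corporation` subject match are assumptions made for this illustration.

```powershell
# Added example (hypothetical helper): flag binaries whose version resource
# claims Microsoft but whose Authenticode signature does not back that up.
function Find-UnsignedMicrosoftClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $info = $_.VersionInfo

            # CompanyName / LegalCopyright are unauthenticated strings.
            $claimsMicrosoft = ($info.CompanyName -match 'Microsoft') -or
                               ($info.LegalCopyright -match 'Microsoft')
            if (-not $claimsMicrosoft) { return }   # skip to the next file

            # The signature is what actually ties the file to a publisher.
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Assumption: a genuine file chains to a cert issued to Microsoft Corporation.
            $trusted = ($sig.Status -eq 'Valid') -and
                       ($signer -match 'O=Microsoft Corporation')

            if (-not $trusted) {
                [pscustomobject]@{
                    Path            = $_.FullName
                    CompanyName     = $info.CompanyName
                    Description     = $info.FileDescription
                    SignatureStatus = $sig.Status
                    Signer          = $signer
                }
            }
        }
}

# Example run over the current user's Downloads folder (assumed location).
Find-UnsignedMicrosoftClaim -Path "$env:USERPROFILE\Downloads" |
    Format-Table -AutoSize
```

Catalog-signed system files can be reported as `NotSigned` on older PowerShell versions, so treat hits as leads to review rather than verdicts.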
 
