Fantom: New Ransomware With a Twist

Claims to be a critical

 

There's a new twist in the ransomware game. Some (presumably) Russian cyber criminals have found a new way to deliver 'the goods' named "Fantom". They come disguised as a “Windows Update”, complete with a fake Windows Update screen pretending to be performing a “critical update”. This is the 'a.exe' file included with the encrypter, called 'WindowsUpdate.exe'. It even has a 'percent installed' meter and a warning not to turn off the computer during the update.

 

Needless to say, all it's doing is encrypting your files and you'll have to pay to 'decrypt' them.

 

The encryption occurs during the 'Configuring Update' screen, generating a random AES-128 key which is uploaded to the criminals' Command and Control Server.

 

Finally it opens an html file (in pretty poor English) informing you that you are screwed, and offers to decrypt 2 small files as proof they are on the level. They also mention that you have one week to pay or your key will be destroyed.

 

So… back up your data, and let the genuine Windows Update do its thing. MS will NEVER put updates out on the net to download.

 

Source:

 

https://malwaretips.com/threads/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update.62764/

 

http://www.neowin.net/news/fantom-ransomware-pretends-to-be-windows-update-while-it-encrypts-your-files

Reply #1 Top


Finally it opens an html file (in pretty poor English) informing you that you are screwed, and offers to decrypt 2 small files as proof they are on the level. They also mention that you have one week to pay or your key will be destroyed.

 
End of quote

Whenever I'm being screwed I always want it done in 'pretty poor English'...;)

...but then I'm just weird...;)

Reply #2 Top

Quoting Jafo, reply 1

Whenever I'm being screwed I always want it done in 'pretty poor English'...;)
End of Jafo's quote

 

I'm sure. Very interesting... while writing the OP, I was weighing whether to add, "This time, with their poor grammar, the poor sods have chosen to screw with the wrong person...".

Any guesses as to his identity? ;)

Reply #3 Top

Zubaz.............. :rofl: :rofl:

You been Zubished!

Reply #4 Top

Quoting Jafo, reply 1


...

Whenever I'm being screwed I always want it done in 'pretty poor English'...;)
...

End of Jafo's quote

Actually, I prefer proper, standard English when I'm being screwed. I have class...

Reply #5 Top

My brother has class, but I haven't been to school in years.

 

Why would anyone, even someone over-educated, download windows updates off the internet?

Reply #6 Top

My question is, when my computer says important updates in the lower right corner, does that mean I should never answer them?

Reply #7 Top

Quoting psychoak, reply 5

My brother has class, but I haven't been to school in years.

 

Why would anyone, even someone over-educated, download windows updates off the internet?
End of psychoak's quote

 

ummm, isn't the connection most users have with the MS servers via the internet?  

Reply #8 Top

Quoting admiralWillyWilber, reply 6

My question is, when my computer says important updates in the lower right corner, does that mean I should never answer them?
End of admiralWillyWilber's quote

Just what is giving you that notification? Are you on W7 or W10? Is it Windows Update or some other app?