New Fantom Ransomware Poses As Windows Update

Fantom malware comes disguised as a legitimate Microsoft Windows update to trick consumers and business users into downloading it.

IT managers have a new ransomware threat on their radar that comes camouflaged as a Critical Windows Update to trick enterprise users and consumers into clicking malicious links.
Fantom, a recently released ransomware variant, was discovered by malware researcher at security software firm AVG,
Jakub Kroustek
, who spotted the attackers using the detailed disguise to steal information from Windows PCs.
Ransomware is a
type of malware attack
through which hackers block users PC access, encrypt users files so they cant be used, and prevent certain apps from running. The victim is warned that to retrieve his or her files or PC acces, he or she must pay a specified ransom fee -- which doesnt necessarily guarantee the attackers will relinquish the ransomed data.
The design of Fantom ransomware is based on the open-source EDA2 ransomware project, reported
BleepingComputer
. Victims will first see a phony Windows Update screen, which was built to make them think theyre downloading a new critical Windows update.
To make the update appear legitimate, the attackers added fake details like a Microsoft copyright and critical update file name. Unsuspecting users may agree to download and think theyre updating their PC as usual.
In reality, the virus is working in the background to encrypt files so they can be held for ransom. An embedded program called WindowsUpdate.exe launches a full-display update screen so users cant switch between apps while the update is in progress.
When the ransomware is done encrypting files, Fantom victims will see a ransom note with the name Decrypt_Your_Files.HTML. The note will include the users ID key and directions for how to email the cybercriminals with payment in order to regain access to their information.
This ransomware encrypts files using AES-128 encryption. There is no means of decrypting Fantom.
A Microsoft spokesperson provided the following statement about Fantom:
Microsoft’s free security software, which comes standard with Windows, detects and helps remove Fantom malware. We also encourage customers to practice good computing habits online, including exercising caution when clicking on links to Web pages, opening unknown files, or accepting file transfers.
Ransomware attackers employ a variety of means to fool users into granting access to their machines, but this is a crafty one. It also targets a massive portion of business users, most of whom work on Windows machines.
Fantom is particularly threatening to the enterprise because it mimics a screen most business users recognize. The cybercriminals are betting employees will believe the upgrade prompt is legitimate and download the ransomware without thinking twice.
[Fantom] is part of an increasing trend of malicious software that mimics things we know and trust, says Norman Guadagno, chief evangelist at Carbonite. This makes it frightening, and potentially even more dangerous, in an enterprise scenario because were all used to seeing those Windows Update screens.
He says its important for businesses to notify users of this threat and to convey how Windows Update is handled inside the organization. They should also encourage precautionary measures; for example, ensuring computers are backed up so that if theyre infected, they can be rolled back without a ransom payment.
If a victim doesnt have his or her data backed up, oftentimes they end up paying the ransom, Guadagno says. Most ransomware attackers will release files after payment is received, however, he notes.
IT managers should be on alert for this type of attack, as ransomware statistics indicate this threat is a growing risk to businesses. In a 2016 mid-year
Trend Micro
report, researchers claim more new ransomware families appeared in the first half of 2016 than throughout all of 2015.
The report showed 79 new ransomware families were added in the first half of this year. These, combined with older variants of the malware, have cost businesses $209 million in monetary losses so far in 2016.
Ransomware is normally considered a bigger risk for small- to midsized business or individual users, but Trend Micro found the first half of 2016 also brought a spike in ransomware built to target business systems. New variants of enterprise-focused malware include CRYPSAM and CRYPRADAM AND KIMCIL.
Some companies manage their users Windows Updates, but not all businesses have the resources to do this. Home-based and remote workers are especially vulnerable as they typically install their own updates.
Related Content:
Ransomware Costs Enterprises $209M In 1H 2016
Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
Anatomy of a Social Media Attack
Malware Markets: Exposing The Hype & Filtering The Noise

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
New Fantom Ransomware Poses As Windows Update