There’s a New Ransomware That’s Disguised as a Windows Update Screen

Just when you thought you knew all the sneaky tricks of the ransomware virus, a new one called Fantom has been identified. This ransomware is based on the open-source EDA2 ransomware project. Fantom uses a fake Windows Update screen to make users believe their computer is updating when in fact it is encrypting all files in the background.

Generally, staying up to date with the latest versions for your device(s) is ideal and is recommended throughout the IT industry. Just take care when doing so.

Whoever developed this ransomware spent some time to make it all appear legit. If you look at its file properties, the copyright information is “Microsoft” and the file name is criticalupdate01.exe.
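A defender's check for the disguise described above, as an added example that is not part of the original post: the copyright string in a file's properties is set by whoever built the file, so compare it with the Authenticode signature before trusting it. The function name `Test-ClaimedMicrosoftBinary` and the Downloads folder scanned at the end are assumptions made for illustration.

```powershell
# Added example: flag executables whose file properties claim "Microsoft"
# but which do not carry a valid Authenticode signature from Microsoft.
function Test-ClaimedMicrosoftBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $info = (Get-Item -LiteralPath $Path).VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path

        # Version-info strings (company, copyright) are free text chosen by
        # the file's author; on their own they prove nothing about origin.
        $claimed = "$($info.CompanyName) $($info.LegalCopyright)"
        $claimsMicrosoft = $claimed -match 'Microsoft'

        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Heuristic: the signature must validate AND name Microsoft as signer.
        # An unsigned file, or one signed by someone else, fails this test.
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($signer -match 'O=Microsoft Corporation')

        [pscustomobject]@{
            Path            = $Path
            Copyright       = $info.LegalCopyright
            SignatureStatus = $sig.Status
            Signer          = $signer
            Suspicious      = $claimsMicrosoft -and -not $signedByMicrosoft
        }
    }
}

# Assumed scan location: the current user's Downloads folder.
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -Filter *.exe -File -ErrorAction SilentlyContinue |
    Test-ClaimedMicrosoftBinary |
    Where-Object Suspicious |
    Format-Table -AutoSize
```

A file flagged here is not necessarily malicious, but a "Microsoft" copyright with a `NotSigned` status or an unrelated signer is a reason not to run it.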

When this ransomware is executed, it then executes another embedded program that displays the fake Windows Update screen. And just like a real Windows Update screen, there is even a percentage counter running while it encrypts a user’s files in the background. The fake screen doesn’t allow the user to switch to other applications. Although there are notifications that the good old - command will kill this fake application, the encryption in the background still continues.
— Mike Resseler, Veeam

At the moment, this is a low-risk ransomware, but it does have the potential to be a worldwide threat. As far as we know, there are no mass-mailings out yet, and you actually need to download the file yourself and execute it.

So please be cautious in future with all ‘Windows Update’ emails, along with the current ones pretending to be your bank, PayPal or that random email address you don’t know sending you a file ‘that looks safe’.

Some more precautions to take:

  1. Use an anti-malware solution and keep it up to date. Most (not all) anti-malware solutions out there can catch this before the damage is done (we can recommend anti-malware solutions for you).
  2. Don’t be scared to keep your device up to date; just be sure to always use the official update solution.
  3. Always take care and never download or execute ANYTHING that the internet tells you to. Try an ad-blocker extension to help minimise auto pop-ups when browsing.
  4. Have a backup! Also ensure your backup is ejected after the backup process so the ransomware can’t encrypt those files.

If you do happen to fall victim to ransomware, please contact us immediately and we will be able to assist with this. Just a reminder to never pay the ransom; paying won’t guarantee that you will get your data back.

Originally posted by Mike Resseler
Published: September 6, 2016