Beware: Fantom ransomware looks like Windows Update but destroys your data

By: Ivan Jenic

Windows 10 is all about updates. You basically cannot run the system properly without installing updates here and there. But just like with every aspect of Windows, you have to be careful with downloading updates because some of them might not be what you think they are.

Kaspersky recently warned its customers and all Windows users about new malicious software called Fantom. This Trojan is ransomware that disguises itself as a regular Windows update while it encrypts user data and makes it inaccessible.

Fantom works just like any other ransomware. Once you download it onto your computer, it creates an encryption key and stores it on a command-and-control server. Once the process is complete, users cannot access any of the encrypted data without paying for the encryption key.

When a user launches the Fantom executable, the virus simulates a Windows Update screen and looks like any other update installation. While users think a new, important update is being installed on their computers, Fantom is busy encrypting their files in the background.

Once Fantom does its thing, it deletes all suspicious files and executables and creates a .html ransom note. The ransom note contains further instructions on how to recover your data, by, of course, paying a ransom. Here’s how the ransom note looks:

[Image: Fantom ransom note]


It is not known how Fantom is distributed, but Kaspersky listed a few ways to minimize the risk of infection:

  • Back up your data regularly and keep backup copies of your files on a disconnected external drive. Having a backup means you will be able to restore your system and files even if your PC gets infected.
  • Be cautious: Don’t open suspicious e-mail attachments, stay away from murky websites, and don’t click on dubious online ads. Fantom, like any malware, may use any of these attack vectors to infiltrate your system.
  • Use a robust security solution: For example, Kaspersky Internet Security already detects Fantom as Trojan-Ransom.MSIL.Tear.wbf or PDM:Trojan.Win32.Generic. And even if a yet-unknown sample of ransomware bypassed the antivirus engine, the System Watcher feature, which monitors suspicious behavior, would block it.
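The behavior-based monitoring mentioned in the last point can be sketched from the three behaviors this article describes: files rewritten in bulk, executables deleted afterwards, and an .html note created. This is an added example, not Kaspersky's System Watcher logic; the event format, process names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample file events (seconds, process, action, path); not real telemetry.
DOCS = [rf"C:\Users\ann\Documents\file{i}.docx" for i in range(6)]
EVENTS = (
    # Hypothetical fake-update process: six files rewritten within ten seconds.
    [(i * 2, "fake_update.exe", "modify", p) for i, p in enumerate(DOCS)]
    # Benign backup job: same files, but spread over several minutes.
    + [(i * 100, "backup.exe", "modify", p) for i, p in enumerate(DOCS)]
    + [
        (14, "fake_update.exe", "create", r"C:\Users\ann\Desktop\NOTE.html"),
        (15, "fake_update.exe", "delete", r"C:\Users\ann\AppData\Local\Temp\fake_update.exe"),
        (20, "browser.exe", "create", r"C:\Users\ann\Downloads\page.html"),
    ]
)

def score_processes(events, window=30, burst=5):
    """Map each process to the set of article-described behaviors it showed."""
    writes = defaultdict(list)  # process -> [(time, path)] for modify events
    signs = defaultdict(set)
    for t, proc, action, path in sorted(events):
        suffix = PureWindowsPath(path).suffix.lower()
        if action == "modify":
            writes[proc].append((t, path))
        elif action == "create" and suffix in (".html", ".htm"):
            signs[proc].add("html_note")
        elif action == "delete" and suffix == ".exe":
            signs[proc].add("exe_cleanup")
    for proc, items in writes.items():
        # Sliding window: distinct files modified within `window` seconds.
        for i, (start, _) in enumerate(items):
            recent = {p for t, p in items[i:] if t - start <= window}
            if len(recent) >= burst:
                signs[proc].add("mass_rewrite")
                break
    return dict(signs)

def suspicious(events, **kw):
    """Processes with a mass rewrite plus at least one follow-up behavior."""
    scores = score_processes(events, **kw)
    return sorted(p for p, s in scores.items()
                  if "mass_rewrite" in s and len(s) >= 2)

if __name__ == "__main__":
    print(suspicious(EVENTS))
```

Requiring the bulk rewrite together with a second signal keeps the browser saving a single .html page and the slow backup job from being flagged on their own.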

We advise you to follow these instructions and to be extremely careful when opening email attachments and downloading data from suspicious sources. Once Fantom encrypts your data, there's no way to get it back other than paying the ransom, and that is something you shouldn't do: even if you pay, there's no guarantee you'll get your data back.
