'fantomd12@yandex.ru' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2,168
First Seen: December 28, 2016
Last Seen: July 26, 2022
OS(es) Affected: Windows

The 'fantomd12@yandex.ru' Ransomware is a ransomware Trojan that belongs to the same family as the Fantom Ransomware. These ransomware Trojans are based on the EDA-2 ransomware project, released online as a proof of concept for educational purposes. Since its release, EDA-2 has served as the basis for numerous ransomware Trojans released by con artists, including the 'fantomd12@yandex.ru' Ransomware and its variants. The 'fantomd12@yandex.ru' Ransomware, like many similar threats, takes its name from the email address used by the con artists to contact the victims and receive payments. The 'fantomd12@yandex.ru' Ransomware appeared shortly after most anti-virus programs were updated to block the Fantom Ransomware, making it likely that the 'fantomd12@yandex.ru' Ransomware is an improvement or update of this previous ransomware threat.

This Fantom will Haunt Your Finances

The most common way of distributing the 'fantomd12@yandex.ru' Ransomware is through spam email attachments. The 'fantomd12@yandex.ru' Ransomware is designed to attack computers using the Windows operating system, affecting all commonly used versions of this platform. The 'fantomd12@yandex.ru' Ransomware is not very different from its predecessors, carrying out the same basic tactic. Essentially, the 'fantomd12@yandex.ru' Ransomware encrypts its victims' files to make them inaccessible to anyone that does not have the decryption key. It then demands the payment of a ransom from the victim in exchange for this decryption key.

The 'fantomd12@yandex.ru' Ransomware Attack

Unfortunately, once the 'fantomd12@yandex.ru' Ransomware has encrypted files, they are no longer readable without the decryption key. Keeping backups of all files is the best protection against attacks like the 'fantomd12@yandex.ru' Ransomware. Once the 'fantomd12@yandex.ru' Ransomware has carried out its attack, it drops its ransom note as an HTML file on the victim's Desktop. This file is named 'DECRYPT_YOUR_FILES.html' and is opened with the victim's Web browser. Security researchers are against paying the 'fantomd12@yandex.ru' Ransomware ransom. The 'fantomd12@yandex.ru' Ransomware ransom note contains the following text:

'Attention !
All your files have been encrypted.
Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets. That means > RESTORE. YOU DATA POSIBLE ONLY BUYING decryption passwords from us. Getting a decryption of your files is - SIMPLY task.
That all what you need:
1. Sent Your ID_KEY on mailbox fantomd12@yandex.ru or fantom12@techemail.com
2. For test, decrypt 2 small files, to be sure that we can decrypt you files.
3. Pay our services.
4. GET software with passwords for decrypt you files.
5. Make measures to prevent this type situations again.
IMPORTANT(1) Do not try restore files without our help, this is useless, and can destroy you data permanently.
IMPORTANT(2) We Cant hold you decryption passwords forever. ALL DECRYPTION PASSWORDS, for what wasn't we receive reward, will destroy after week of moment of encryption.'

Dealing with the 'fantomd12@yandex.ru' Ransomware

Files that have been compromised in the 'fantomd12@yandex.ru' Ransomware attack will have the extension '.fantom', making it simple to recognize which files have become inaccessible. The best protection against the 'fantomd12@yandex.ru' Ransomware is to have backups of all data. It may not be viable to recover the affected files without the decryption key, making it necessary to restore the affected files from a backup copy on the cloud or an external memory device. Storage has become very inexpensive, making it easy for all computer users to have backups of any file that is too important to lose. Threat researchers advise computer users not to pay the ransom. It is very likely that the people responsible for the 'fantomd12@yandex.ru' Ransomware attack will simply ignore the victim's payment, ask for more money, or deliver a decryption method that simply does not work. In the rare event that these people do respond and restore the victim's files, it is important to remember that having paid the 'fantomd12@yandex.ru' Ransomware ransom finances further harmful activities, allowing them to continue developing threats like the 'fantomd12@yandex.ru' Ransomware.
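The two indicators named above, the '.fantom' extension and the 'DECRYPT_YOUR_FILES.html' note, can be searched for directly to work out which files need to come back from backup. The Python script below is an added example, not part of the original write-up; its function names and the sample directory tree are constructed, and it assumes the extension is appended to the original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".fantom"             # extension named in the article
RANSOM_NOTE = "DECRYPT_YOUR_FILES.html"  # ransom note file name named in the article

def scan(root):
    """Return (encrypted_files, ransom_notes) found under root, as sorted Path lists."""
    encrypted, notes = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_SUFFIX) and lowered != ENCRYPTED_SUFFIX:
                encrypted.append(Path(dirpath) / name)
            elif lowered == RANSOM_NOTE.lower():
                notes.append(Path(dirpath) / name)
    return sorted(encrypted), sorted(notes)

def restore_plan(encrypted, root):
    """Map each encrypted file to the relative path to request from backup."""
    plan = {}
    for path in encrypted:
        rel = path.relative_to(root)
        # Assumption: the suffix is appended to the original name (report.docx.fantom).
        plan[path] = rel.with_name(rel.name[: -len(ENCRYPTED_SUFFIX)])
    return plan

def per_directory(encrypted, root):
    """Count encrypted files per directory to show how far the damage spread."""
    return Counter(p.parent.relative_to(root).as_posix() for p in encrypted)

def build_sample_tree(root):
    """Create a constructed directory tree with empty placeholder files."""
    for rel in ("Documents/report.docx.fantom", "Documents/budget.XLSX.FANTOM",
                "Documents/notes.txt", "Pictures/photo.jpg.fantom",
                "Desktop/DECRYPT_YOUR_FILES.html"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found, notes = scan(tmp)
        print("ransom notes:", [str(n) for n in notes])
        for src, wanted in restore_plan(found, tmp).items():
            print(f"{src.name} -> restore {wanted}")
        print(dict(per_directory(found, tmp)))
```

Run it against a mounted copy of the affected disk rather than the live system, and compare the restore list with the backup catalogue before deleting any encrypted file.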