FantaroX Ransomware

The FantaroX Ransomware is a variant created by using the previously identified malware named Chaos as a basis. This particular threat was first caught by security researchers. Like a typical ransomware, FantaroX is equipped with a strong encryption algorithm that will leave most of the data of its victims in an unusable state. The attackers then try to extort the affected victims for money in exchange for the potential restoration of the files. 

Each file locked by the threat will have '.FantaroX' added to its original name as a new file extension. Furthermore, the threat will drop a text file named 'read_it.txt' on the desktop of the breached device. The default desktop background also will be changed to a new image provided by the threat. 

Ransom Note's Details

Curiously, the ransom note of the threat containing the instructions for its victims is written in Hungarian entirely and doesn't feature any translations into other languages. This could be a signal that FantaroX is deployed as part of an attack campaign targeting Hungarian users specifically. According to the message, affected users will need to pay the sum of 10.000 Ft (Hungarian forint), worth approximately $28, as a ransom. To receive additional instruction, victims are directed towards messaging the 'fantarox@protonmail.com' email address.

The full text of the ransom note in its original language is:

'Szervusz!

A számítógéped sajnos megfertőződött a FantaroX vírussal. Mindenfontos fájlod katonai szintű titkosítás alá került. Ha megpróbálod eltávolítani, vagy a hivatalos felüldő program nélkül visszaszerezni a filokat azok örökké használhatatlanná válnak.

Amennyiben vissza szeretnéd kapni az adataidat fizetned kell 10,000 forintot.

Ezen az email címen tudod felvenni velünk a kapcsolatot:

fantarox@protonmail.com'