
Fantom Ransomware

By GoldSparrow in Ransomware

The Fantom Ransomware is an encryption ransomware Trojan that has garnered attention because of the elaborate hoax that accompanies it. The Fantom Ransomware uses sophisticated techniques to carry out its attacks, and in most cases computer users fail to realize that an attack is under way on their computers. The Fantom Ransomware is related to the well-known EDA2 project, an open source ransomware threat that backfired and resulted in numerous high-profile ransomware infections. One reason the Fantom Ransomware has garnered attention is its effective use of a fake Windows Update screen, which makes it seem as if the infected computer is undergoing an important update.

The Fantom that will Haunt Your Finances

If your computer suddenly seems to be going through a large update, make sure that it is legitimate. This supposed 'critical update,' which is labeled as being delivered by Microsoft, is a hoax designed to install the Fantom Ransomware. The Fantom Ransomware is linked to an executable file named WindowsUpdate.exe, which displays the well-known Windows Update screen. While this screen is shown, the victim cannot access the Desktop of the infected computer. A progress bar appears, suggesting that the computer is being updated. In fact, the progress bar only covers up the fact that the Fantom Ransomware is working in the background to encrypt the victim's files. It is possible to skip the fake update screen and access the computer. However, even if the fake update screen is skipped, the Fantom Ransomware will continue to carry out its encryption on the targeted computer.

The Fantom Ransomware uses AES-128 encryption on the victim's files and targets a large number of file types. Some of the file types that will be encrypted by the Fantom Ransomware include the following:

.docm, .docx, .dot, .dotm, .dotx, .dox, .dpk, .dpl, .dpr, .dsk, .dsp, .dvd, .dvi, .dvx, .dwg, .dxe, .dxf, .dxg, .elf, .epk, .eps, .eql, .erf, .err, .esm, .euc, .evo, .ex, .exif, .f90, .faq, .fcd, .fdr, .fds, .ff, .fla, .flac, .flp, .flv, .for, .forge, .fos, .fpk, .fpp, .fsh, .gam, .gdb, .gho, .gif, .grf, .gthr, .gz, .gzig, .gzip, .h3m, .h4r, .hkdb, .hkx, .hplg, .htm, .html, .hvpl, .ibank, .icxs, .idx, .ifo, .img, .indd.

The Fantom Ransomware targets documents and media files on the infected computer, skipping files that Windows needs to operate. Files that have been encrypted by the Fantom Ransomware can be spotted easily because the Fantom Ransomware adds the extension '.the Fantom' to each encrypted file. The Fantom Ransomware also drops ransom notes named DECRYPT_YOUR_FILES.HTML in the directories where it has encrypted files. This ransom note contains information on how to pay the Fantom Ransomware ransom. As part of its attack, the Fantom Ransomware also deletes the Shadow Volume Copies of the victim's files. The Fantom Ransomware also destroys the fake Windows Update file after the attack has been carried out, probably to mislead PC security researchers and make research on the Fantom Ransomware more difficult.
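The indicators described above can be turned into a quick filesystem triage. The following Python code is an added example, not part of the original article: it walks a directory tree, flags directories that contain the DECRYPT_YOUR_FILES.HTML note, and counts files in which one of the targeted extensions has a further extension appended. The function names, the subset of extensions checked, and the `.locked` marker used in the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "decrypt_your_files.html"  # note name from the article, lowercased
# Subset of the targeted extensions listed in the article (kept short here).
TARGETED = {".docx", ".docm", ".dwg", ".flac", ".gif", ".htm", ".html", ".img", ".indd"}


def triage(root):
    """Return {directory: Counter(appended_ext -> count)} for every directory
    under root that contains the ransom note."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if not any(f.lower() == RANSOM_NOTE for f in files):
            continue  # no note here, so double extensions are not treated as suspicious
        appended = Counter()
        for name in files:
            stem, outer = os.path.splitext(name)
            inner = os.path.splitext(stem)[1].lower()
            # Pattern name.docx.<marker>: a targeted extension with one appended
            if outer and inner in TARGETED:
                appended[outer.lower()] += 1
        hits[dirpath] = appended
    return hits


def build_sample_tree(root, marker):
    """Constructed sample data: one affected directory and one clean directory."""
    hit = os.path.join(root, "docs")
    clean = os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.docx" + marker, "plan.dwg" + marker,
                 "DECRYPT_YOUR_FILES.HTML", "notes.txt"):
        open(os.path.join(hit, name), "w").close()
    # A legitimate double extension without a note must not be reported.
    for name in ("page.html.gz", "photo.gif"):
        open(os.path.join(clean, name), "w").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, ".locked")  # ".locked" is a placeholder marker
        for directory, exts in triage(tmp).items():
            print(directory, dict(exts))
```

Because the appended extension is inferred rather than hard-coded, the same check also surfaces directories hit by variants that use a different marker, as long as the note name matches.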

How the Fantom Ransomware may Infect a Computer

The Fantom Ransomware may be distributed using corrupted email attachments, delivered as a corrupted file contained in a spam email message. When computer users open the attached file, the Fantom Ransomware is installed on the targeted computer. Computer users shouldn't open unsolicited email messages and attachments. If you receive a suspicious email attachment from an email contact, it is a good idea to check with that person through a different method (such as over the phone) to make sure that they did indeed send that file. A reliable security program that is fully up-to-date can intercept threats like the Fantom Ransomware before they carry out their attack.
