The ransomware itself is called "CriticalUpdate01.exe," the file it extracts is called "WindowsUpdate.exe," and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.

"Unfortunately, there is no way to currently decrypt the Fantom Ransomware."

While you're waiting for Windows Update to finish and the machine to restart, Fantom is happily at work encrypting all the files it can find bearing any of about 600 different suffixes, including those commonly used for music, video, photo and office files. Encrypted files get the additional suffix ".fantom."

When the encryption process is finished, Fantom pops up a ransom note instructing the user to email a Russian email address. No specific ransom amount is mentioned, but presumably the response from the online criminals will include one. Victims have a week to pay up or the files will be erased, the note says in pretty poor English.

To prevent infection by any kind of ransomware, don't click on any links in email messages you don't expect, and install and run robust, continually updating antivirus software.
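The file names and the ".fantom" suffix described above can be checked with a small read-only triage script. This is an added example, not part of the original article; the sample paths are constructed, and a file-name match is a lead to investigate, not proof of infection.

```python
import os
import sys
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".fantom"
SUSPECT_NAMES = {"criticalupdate01.exe", "windowsupdate.exe"}

# Constructed sample listing (not from a real incident).
CONSTRUCTED_SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.fantom",
    r"C:\Users\alice\Documents\notes.docx.fantom",
    r"C:\Users\alice\Pictures\cat.JPG.fantom",
    r"C:\Users\alice\Downloads\CriticalUpdate01.exe",
    r"C:\Users\alice\Desktop\WINDOWSUPDATE.EXE",
    r"C:\Users\alice\Documents\readme.txt",
]

def triage(paths):
    """Classify file paths against the article's indicators (reads names only)."""
    by_type = Counter()   # original extension -> number of encrypted files
    by_dir = Counter()    # directory -> number of encrypted files
    suspects = []         # paths whose file name matches a dropper name
    for raw in paths:
        p = PureWindowsPath(raw)   # accepts both "\" and "/" separators
        name = p.name.lower()      # Windows file names are case-insensitive
        if name in SUSPECT_NAMES:
            suspects.append(str(p))
        elif name.endswith(ENCRYPTED_SUFFIX) and name != ENCRYPTED_SUFFIX:
            # ".fantom" is appended, so the original extension precedes it.
            stem = name[: -len(ENCRYPTED_SUFFIX)]
            by_type[PureWindowsPath(stem).suffix or "(none)"] += 1
            by_dir[str(p.parent)] += 1
    return {"encrypted_by_type": dict(by_type),
            "affected_dirs": dict(by_dir),
            "suspect_binaries": suspects}

def walk(root):
    """Yield every file path under root, skipping unreadable directories."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for f in files:
            yield os.path.join(dirpath, f)

if __name__ == "__main__":
    # With an argument, scan that directory; otherwise use the constructed sample.
    source = walk(sys.argv[1]) if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    for key, value in triage(source).items():
        print(f"{key}: {value}")
```

The per-extension and per-directory counts show which backups to restore first.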
Jason, Owner of Byteback Computers, LLC