Fake Windows Update is Ransomware Masquerade


There’s a Fantom on the loose, and it’s after your files.

Although it is not a well-written program, and it has not yet been seen in large spam email blasts, the Fantom ransomware (detected by security vendor Sophos as Troj/Fantom-B) nevertheless masquerades as a Windows 10 “critical” update, and when it fools a recipient it encrypts their files and demands money. It’s an all-too-familiar ransomware scenario, and that familiarity may work in email users’ favor: anyone who knows the pattern can spot it.


The bad news is that this latest ransomware program works well enough if it gets past your computer’s security, or if you inadvertently run it yourself.

The fact that Fantom was obviously thrown together by sloppy cyber crooks won’t matter once it is running on your system. It was, unfortunately, written at least well enough for that. It can encrypt your data files soon after being unwittingly launched, but it’s the “pay page” that really shows how little care the people behind it took.

Is Fantom evidence that ransomware is opening up to lower-skilled criminal opportunists? It is written in C#, a language whose standard libraries supply the file handling and cryptography a ransomware author needs, which lowers the bar to entry; the authors’ carelessness shows in the presentation, not in the choice of language. Be sure your email spam filters are tuned, though, because Fantom may well be lurking behind the usual fake invoices and requests for quotation, two very common and effective email fronts for ransomware attacks.

How Fantom Works

Masquerading as a Microsoft critical update to Windows, Fantom arrives as a .exe file, which is the first red flag. Critical Windows updates are NEVER sent to you as an email attachment: they are delivered through Windows Update, and the binaries Microsoft ships carry a valid Authenticode digital signature chained to Microsoft, which Fantom lacks. If Fantom gets up and running on your device, Task Manager will show two new processes, listed as:

  • Critical update (32-bit)
  • WindowsFormsApplication5

The critical update process is the one that does the file scrambling, while the secondary and oddly-named WindowsFormsApplication5 process is started by the first and used merely as a decoy. While the decoy distracts you, the “critical update” runs through your files, encrypting them and renaming them with the extension “.fantom”, as fast as the malware can get through your data.
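The two red flags described above, an executable arriving as an “update” and the missing Microsoft signature, can be checked before anyone double-clicks the attachment. The following PowerShell function is an added example, not code from the original article or from Sophos; the function name, the list of executable extensions and the sample path at the bottom are assumptions, and the version-resource checks are heuristics rather than a definitive test.

```powershell
# Added example, not code from the original article: vet a file that claims to
# be a Windows "critical update" before anyone runs it. Real updates arrive
# through Windows Update, never as an e-mail attachment, and the binaries
# Microsoft ships carry a valid Authenticode signature chained to Microsoft.
# The function name and the sample path at the bottom are assumptions.
function Test-FakeUpdateAttachment {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # Red flag 1: any executable delivered as an "update" at all.
    $executableExtensions = @('.exe', '.scr', '.com', '.pif', '.msi', '.js', '.vbs', '.bat', '.cmd', '.ps1')
    $extension = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
    if ($executableExtensions -contains $extension) {
        $findings.Add("Executable attachment ($extension): Windows updates are never delivered as e-mail attachments.")
    }

    # Red flag 2: missing, broken, or non-Microsoft Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    switch ($sig.Status) {
        'Valid' {
            $subject = $sig.SignerCertificate.Subject
            if ($subject -notmatch 'O=Microsoft Corporation') {
                $findings.Add("Validly signed, but not by Microsoft: $subject")
            }
        }
        'NotSigned' {
            $findings.Add('No Authenticode signature at all (Fantom ships unsigned).')
        }
        default {
            $findings.Add("Signature problem: $($sig.Status) - $($sig.StatusMessage)")
        }
    }

    # Red flag 3 (heuristic): the version resource contradicts the "Microsoft update"
    # story. The decoy's name, WindowsFormsApplication5, is a default Visual Studio
    # project name, so an unchanged default name is itself suspicious.
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    if ($info.CompanyName -and $info.CompanyName -notmatch 'Microsoft') {
        $findings.Add("Version resource CompanyName is '$($info.CompanyName)', not Microsoft.")
    }
    if ($info.ProductName -match '^WindowsFormsApplication\d*$') {
        $findings.Add("Version resource ProductName '$($info.ProductName)' is an unchanged Visual Studio default.")
    }

    $verdict = 'No red flags (still install updates only via Windows Update)'
    if ($findings.Count -gt 0) { $verdict = 'DO NOT RUN' }

    [pscustomobject]@{
        Path     = $Path
        Verdict  = $verdict
        Findings = $findings.ToArray()
    }
}

# Usage (assumed path to the saved attachment):
Test-FakeUpdateAttachment -Path "$env:USERPROFILE\Downloads\Critical_Update.exe" | Format-List
```

A valid Microsoft signature only clears the second flag; an update that reached you by email still fails the first, because Microsoft does not distribute patches that way. Run the check on the saved attachment, never on a file you have already opened.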

You will then see a somewhat legitimate-looking animated full-screen window with white lettering on a blue background that reads:
Configuring critical Windows Updates
1% complete
Do not turn off your computer.

If you are quick, you can press Ctrl+Shift+Esc to open Task Manager directly (the Ctrl+Alt+Del screen also offers it) and from there terminate both ransomware processes. Many people are not so fast, or do not recognize the fake update screen for what it is, and as a result end up with a significant portion of their files encrypted by this fake Windows update. Killing the processes stops further encryption, but it does not restore the files already renamed to .fantom.
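What to do in the seconds after spotting the fake update screen, as an added PowerShell example rather than anything from the original article: stop the two processes the article names, then measure how far the encryption got. Task Manager labels a process by the description in its version resource, so the script matches on that as well as on the executable name. The folders to scan and the inventory file location are assumptions.

```powershell
# Added example, not code from the original article: first-response triage on a
# machine showing the fake "Configuring critical Windows Updates" screen.
# The process names and the .fantom extension come from the article; the folders
# to scan and the inventory file location are assumptions.
$suspectNames = @('Critical update', 'WindowsFormsApplication5')
$scanRoots    = @($env:USERPROFILE, 'D:\Shares')          # assumed: profile plus a mapped share
$inventory    = Join-Path $env:USERPROFILE 'Desktop\fantom-inventory.csv'

# 1. Stop the encryptor and its decoy. Task Manager shows the FileDescription
#    ("Critical update"), not necessarily the executable name, so match on both.
$running = @(Get-Process | Where-Object {
    $desc = $null
    try { $desc = $_.MainModule.FileVersionInfo.FileDescription } catch { }
    ($suspectNames -contains $_.ProcessName) -or ($suspectNames -contains $desc)
})
foreach ($p in $running) {
    Write-Output ("Stopping PID {0} ({1}) started {2} from {3}" -f $p.Id, $p.ProcessName, $p.StartTime, $p.Path)
    Stop-Process -Id $p.Id -Force
}
if ($running.Count -eq 0) { Write-Output 'No Fantom processes found by name; check Task Manager manually.' }

# 2. Measure the damage: every file now ending in .fantom is an encrypted original.
#    Do not delete them; a recovery effort needs them in place.
$encrypted = @(Get-ChildItem -Path $scanRoots -Recurse -File -Filter '*.fantom' -ErrorAction SilentlyContinue)
Write-Output ("{0} files carry the .fantom extension" -f $encrypted.Count)
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object { Write-Output ("{0,6}  {1}" -f $_.Count, $_.Name) }

# 3. Record what was hit, and when, for whoever handles recovery, so the restore
#    from backup can be scoped to the affected folders.
$encrypted | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $inventory -NoTypeInformation
Write-Output "Inventory written to $inventory"
```

If the machine has mapped network drives, unplug it from the network before the scan in step 2 so that nothing still running can reach the shares; the inventory it produces is what a managed IT provider will ask for first.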

Backed-up Files Fight Ransomware

Remember that the best way to fight the current ransomware scourge is to have your data files completely backed up to external or off-site (cloud) storage that is not left permanently connected to the machine, since ransomware like Fantom will scramble any file it can reach, including backups on a mounted drive. Test that those backups actually restore. Along with that, never pay the ransom; instead, call a managed IT services provider immediately to have them walk you through the ransomware elimination. Having no one to guide you on the finer points of beating ransomware is a large part of why businesses end up as victims in the first place.

Get Trusted IT Pros on the Job

If you have questions about setting up ransomware-fighting cybersecurity for your company network, Integris is the leader in providing managed IT services in New Jersey, as well as the New York Metro area. Contact us today at (888) 330-8808 or send us an email at [email protected], and we will be happy to answer all your questions.

