
Fantom ransomware masquerades as a Windows update


by sigismund » 2016-08-28 10:17:18


At the moment, there is no way to recover the files without paying the ransom.


AVG researcher Jakub Kroustek has found another piece of malware built on the open-source EDA2 project. According to the expert, Fantom displays a fake Windows update window on the screen of the infected computer, notifying the user that the system is supposedly installing a critical patch. Meanwhile, the ransomware quietly encrypts the user's files in the background.

At the moment, there is no way to recover the files without paying the ransom. According to Lawrence Abrams of Bleeping Computer, the Fantom developers have made every effort to hide the ransomware's malicious activity by disguising it as a critical Windows update. For greater credibility, the file properties carry the name "critical update".

Once installed on the victim's system, Fantom retrieves and executes the file WindowsUpdate.exe, which displays a fake Windows update installation screen. The screen is shown on top of all the user's open windows and blocks access to any other program. It can be dismissed by pressing the key combination Ctrl+F4. The fake update installation then ends and the windows open again as usual, but the encryption of files still continues.

After completing the encryption process, Fantom displays a notification with instructions on how to restore the files and a unique identifier assigned to each victim. According to the notification, the user should contact the operators of the Trojan at the specified e-mail address and provide their ID. They should then pay for the attackers' "services" to decrypt the files, after which they will receive a decryptor.