A few weeks ago, a new ransomware strain known as Fantom was identified. It is based on the open-source EDA2 ransomware project. Because Fantom hides behind a fake Windows Update screen, it has the potential to become a widespread threat: a user can easily be tricked into believing that Windows is updating itself, when in reality the ransomware is encrypting files in the background.

For years, we’ve told everyone — including our friends and families — that updating a device with the latest security and critical patches is not just a best practice, but a requirement to stay as safe as possible when that device is on the internet. Because Fantom uses a fake Windows Update screen as its disguise, it will likely snare many victims. Whoever developed this ransomware spent some time making it all appear legitimate. If you look at the file properties, the copyright information reads “Microsoft” and the file name is criticalupdate01.exe. Keep in mind that these properties are free-form text set by whoever built the file; they are not a signature and prove nothing about where the file came from.

When the ransomware is executed, it launches a second, embedded program that displays the fake Windows Update screen. Just like the real Windows Update screen, it even shows a percentage counter ticking upward while the user’s files are encrypted in the background. The fake screen does not let the user switch to other applications. Although it has been reported that the good old Ctrl+F4 shortcut closes this fake screen, doing so does not stop the encryption, which continues in the background.

Luckily, the risk from this specific ransomware is rather low for the moment. There is no mass-mailing campaign (yet), and you have to download the file yourself and execute it. Still, a variant with the same theme but a better-organized distribution method may eventually emerge. Here are a few precautions you can take to avoid this type of malware:

  1. Use an anti-malware solution and keep it up-to-date. Some anti-malware solutions out there already have definitions that will catch this one.
  2. Keep your device up to date. Use the official Windows Update feature built into Windows, and don’t download any so-called “critical update” offered to you elsewhere. If an update really is critical, it will come through Windows Update on its own.
  3. Always be careful. Don’t download or execute everything that the internet tells you to download or execute. Read thoroughly! Many threats can be spotted simply by reading the text: the language is badly written, or the download URLs point to suspicious domains.
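The file-properties disguise described above is worth turning into a concrete check. The version-resource strings (CompanyName, LegalCopyright) that Explorer shows under “Details” are plain text that any compiler or resource editor can set, so a “Microsoft” copyright means nothing on its own. What does bind a binary to Microsoft is a valid Authenticode signature whose signer certificate is issued to Microsoft. The following PowerShell function is an added example written for this post, not code from the original article or from Veeam; the path to the downloaded file is a placeholder, and `Get-AuthenticodeSignature` and the `VersionInfo` property it relies on are standard Windows PowerShell.

```powershell
# Added example (not from the original post): compare what a downloaded "update" claims
# about itself with what can actually be verified about it.
function Test-ClaimedMicrosoftBinary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # placeholder: whatever the user downloaded
    )

    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo

    # What the file *claims*: free-form version-resource strings, trivially forged.
    $claimsMicrosoft = (($vi.CompanyName, $vi.LegalCopyright) -join ' ') -match 'Microsoft'

    # What can be *verified*: an Authenticode signature that validates and whose
    # signer certificate is issued to Microsoft Corporation.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($null -ne $sig.SignerCertificate) -and
                         ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    $verdict = if ($claimsMicrosoft -and -not $signedByMicrosoft) {
        'SUSPICIOUS: claims to be from Microsoft but is not validly signed by Microsoft'
    } elseif ($signedByMicrosoft) {
        'Validly signed by Microsoft (genuine updates still only arrive via Windows Update)'
    } else {
        'Unsigned or signed by a third party; treat as untrusted'
    }

    [pscustomobject]@{
        File             = $item.Name
        ClaimedCompany   = $vi.CompanyName
        ClaimedCopyright = $vi.LegalCopyright
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Verdict          = $verdict
    }
}

# Usage (placeholder path): inspect a file that arrived as a "critical update".
Test-ClaimedMicrosoftBinary -Path "$env:USERPROFILE\Downloads\criticalupdate01.exe" | Format-List
```

Two caveats a practitioner should keep in mind. First, `Status -eq 'Valid'` already covers the chain check (`NotSigned`, `HashMismatch`, `UnknownError` and friends all fail it), but it says nothing about whether the signer is who the file claims to be, which is why the subject is compared separately. Second, even a validly Microsoft-signed executable that someone mailed you or linked from a web page is not a Windows update; genuine updates are fetched by Windows Update itself, as item 2 says.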

Despite taking proper precautions, there is still a chance that you could get infected. At that point, you have a few options:

  1. Call the police! Depending on the country you live in this may be a different agency, but it is (and remains) important to notify the authorities so they can investigate and perhaps help others based on the information they obtain from your device. And who knows, they might even have a solution for your problem, since the decryption keys for some ransomware families have leaked.
  2. Pay the ransom? No, please don’t. While it may seem like a small price to pay to get your precious data back, in many cases you will not only lose the money, you likely won’t get your data back either. In addition, paying only encourages these people to keep creating this type of threat.
  3. Have a backup. Let me repeat this. Have a backup. In addition, be sure that the backup medium is ejected from the device once the backup finishes, so the ransomware can’t encrypt your backup files along with everything else. With a good backup solution, you can always recover your data. In the very worst case, you lose only the small amount of data created between the last good backup and the moment of infection.
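The third option above (back up, then eject the medium so a mounted backup is not sitting there when ransomware runs) is simple enough to script. The function below is an added example written for this post, not the original article’s content and not how Veeam Endpoint Backup implements its own eject option; the source folder and drive letter are placeholders. It uses `robocopy` for the copy and the Shell “Eject” verb (the same action as right-clicking the drive in Explorer) to detach the drive afterwards.

```powershell
# Added example (not from the original post): copy a folder to a removable drive into a
# fresh dated folder, verify robocopy succeeded, then eject the drive.
function Backup-ToRemovableDrive {
    param(
        [Parameter(Mandatory = $true)][string]$Source,       # placeholder, e.g. "$env:USERPROFILE\Documents"
        [Parameter(Mandatory = $true)][string]$DriveLetter   # placeholder, e.g. 'E:'
    )

    if (-not (Test-Path -LiteralPath "$DriveLetter\")) {
        throw "Backup drive $DriveLetter is not present; plug it in and retry."
    }

    # One dated folder per run. Deliberately NOT /MIR or /PURGE: a mirror would faithfully
    # overwrite yesterday's good copy with today's encrypted files, which is exactly the
    # failure mode an offline backup is meant to prevent.
    $stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $target = Join-Path $DriveLetter "Backup_$stamp"
    $log    = Join-Path $DriveLetter "Backup_$stamp.log"

    # /E    copy subdirectories, including empty ones
    # /COPY:DAT  copy data, attributes and timestamps
    # /XJ   skip junction points (avoids reparse-point loops)
    # /R:1 /W:1  one retry, one second wait, so a locked file doesn't stall the run
    # /NP   no per-file progress output in the log
    robocopy $Source $target /E /COPY:DAT /XJ /R:1 /W:1 /NP "/LOG:$log" | Out-Null

    # robocopy exit codes: 0-7 are success variants (copied / extras / mismatches);
    # 8 and above mean at least one file failed to copy.
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy reported failures (exit code $LASTEXITCODE); see $log"
    }

    # Eject the drive. 17 is the ssfDRIVES special folder ("This PC"); ParseName gives the
    # drive object and InvokeVerb runs the same "Eject" command Explorer offers.
    $shell = New-Object -ComObject Shell.Application
    $shell.Namespace(17).ParseName($DriveLetter).InvokeVerb('Eject')

    "Backed up $Source to $target (log: $log) and ejected $DriveLetter"
}

# Usage (placeholder values)
Backup-ToRemovableDrive -Source "$env:USERPROFILE\Documents" -DriveLetter 'E:'
```

Keeping a dated folder per run rather than a mirror means the drive holds several generations, so a run that happens to copy already-encrypted files does not destroy the previous good copy. The backup medium is still exposed while the copy is in progress, so run this when the machine is otherwise idle and confirm the drive actually disappeared from Explorer (the Eject verb fails quietly if something still has a handle open on the drive).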

Stay safe with Veeam!

Veeam Endpoint Backup FREE is the perfect choice for backing up your data. It is completely free and even comes with support, although without SLAs. Veeam Endpoint Backup FREE also has an option to eject removable devices automatically after a backup completes.
