Personal computer users should think twice before clicking on those familiar Microsoft Windows Update screens that pop up from time to time—or you could fall victim to a ransomware attack.
A new form of ransomware named "Fantom Ransomware" displays as a critical Windows Update in an effort to trick users into clicking and downloading the malicious software. To disguise the malicious software from unsuspecting users, the hackers who created Fantom went so far as to list it as coming from “Microsoft Corporation” in the ransomware file properties.
Once executed, Fantom Ransomware encrypts victims’ files with AES-128 encryption and appends their extensions to ‘.fantom.’ The malware also plants a DECRYPT_YOUR_FILES.HTML ransom note in each folder it attacks and then displays the note on screen.
Fantom Ransomware was discovered in the wild a few weeks ago and there are currently no decryption keys available—which means that to regain access to data, victims have to pay the ransom or recover their files from backup.
The Fantom Ransomware variant is particularly disturbing because its creators are preying on computer users’ tendency to feel safe and secure about things they see frequently—such as a Microsoft Windows update screen, says Norman Guadagno, a ransomware expert and chief evangelist at Carbonite.
“It’s an interesting because when you think about it, we see these screens so much that we don’t see them,” Guadagno said. “We just consider them part of the landscape and we don’t think twice about it. These cybercriminals are preying on basic human psychology.”
Fantom Ransomware should also serve as a reminder that the world is entering an era when computer users need to be more aware of what’s happening at all times and take extra steps to protect themselves.
You should be diligent to keep your antivirus/malware solution up to date along with using common sense not to click on attachments that look suspicious. If you would like to read more on the topic of Ransomware checkout Fight Ransomware website for more resources.