EIT Networks
Fantom: A New Security Threat

  • September 9, 2016
  • Daniel Hendrix

The heart of a lady is not easily won; a man can’t rely on his looks or his wallet to make her fall head over heels. He has to charm his way in. Now let the computer user be the woman and ransomware the man, a dreamboat who has talked his way past every one of her defenses. How? He looked the part. That is exactly how ransomware gets into a network: it doesn’t look like a threat. Beware of Fantom, the most recently discovered ransomware family, which is a master of precisely this kind of deception.

AVG security researcher Jakub Kroustek recently spotted Fantom, a new ransomware family built on EDA2, an open-source ransomware construction kit that was later taken down. EDA2 contained flaws that let researchers retrieve decryption keys from its command-and-control (C&C) server, but those flaws are absent from Fantom, which suggests the Fantom authors found and fixed them before anyone else had a chance to use them.

Very little is known about how Fantom is distributed; the likely routes are the usual ones, spam email attachments and exploit kits. The installer itself is named criticalupdate01.exe and is dressed up as a “Windows Security Update” to persuade the target to run it.

Once run, the ransomware locks the screen and displays a convincing fake Windows Update screen, complete with a working percentage counter that mimics the real one. Beneath that pleasant facade, Fantom is encrypting your files while you watch the progress bar climb. The lock screen can be dismissed before it reaches 100% by pressing CTRL+F4, but closing it does nothing to stop the encryption, which keeps running in the background. If you see an unexpected “update” of this kind, disconnecting the machine from the network and powering it off limits what gets encrypted far more than closing the window does.

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook’s server, and a public key left on the user’s PC.”
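The scheme in that quote is textbook hybrid (envelope) encryption, and seeing it in code makes clear why the public key left on the victim’s PC is of no use for recovery. The Go program below is an added example written for this post, not Fantom’s or EDA2’s code; it works on an in-memory byte string rather than on files, and the mode choices (AES-128-GCM for the content, RSA-OAEP for wrapping the per-file key), the blob layout and every function name are assumptions of the example, since the quote specifies only AES-128 and RSA.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedBlob is what one encrypted file looks like under the hybrid scheme
// the quote describes: content encrypted with a per-file AES-128 key, plus
// that key encrypted with the attacker's RSA public key. (Assumed layout.)
type EncryptedBlob struct {
	WrappedKey []byte // per-file AES key, encrypted with RSA-OAEP
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // file content under the AES key (GCM tag appended)
}

// Seal encrypts plaintext the way the ransomware side does. It needs only the
// RSA public key, which is the only key ever present on the victim's machine.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*EncryptedBlob, error) {
	key := make([]byte, 16) // fresh AES-128 key for this one file
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)

	// Wrap the file key with the attacker's public key. After this the raw
	// key is dropped; recovering it requires the matching private key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedBlob{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal. It needs the RSA private key, which in Fantom's scheme
// stays on the attacker's server; the victim never has it.
func Open(priv *rsa.PrivateKey, blob *EncryptedBlob) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob.WrappedKey, nil)
	if err != nil {
		return nil, err // wrong private key: the OAEP padding check fails
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob.Nonce, blob.Ciphertext, nil)
}

// Demo runs the scheme on a constructed sample and checks two things:
// the attacker's private key recovers the plaintext, and an unrelated
// private key (standing in for anyone who lacks the attacker's key) cannot.
func Demo() (bool, error) {
	attacker, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	bystander, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	sample := []byte("Q3 invoices - constructed sample content") // constructed input

	blob, err := Seal(&attacker.PublicKey, sample)
	if err != nil {
		return false, err
	}
	got, err := Open(attacker, blob)
	if err != nil || !bytes.Equal(got, sample) {
		return false, err
	}
	if _, err := Open(bystander, blob); err == nil {
		return false, nil // must not happen: a wrong key unwrapped the file key
	}
	return true, nil
}

func main() {
	ok, err := Demo()
	fmt.Println("attacker key round-trips and wrong key fails:", ok, err)
}
```

Run it with `go run`. `Demo` returns true only when the attacker’s private key round-trips the sample and a second, unrelated private key fails to unwrap the per-file key; that failure is the victim’s situation, which is why the realistic defenses are backups kept off the machine and not running the “update” in the first place. EDA2’s weakness, mentioned above, was that the private key could be obtained from the C&C server; Fantom closed that hole.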


To obtain the private key needed to unlock your files, you must contact the attackers by email; the address is given in the ransom note that appears once encryption is complete. Fantom drops the ransom note as both an HTML and a TXT file and replaces the desktop wallpaper with a custom image listing the contact details. Finally, Fantom cleans up after itself by running two batch scripts that delete its installation files.

Ransomware isn’t new, but the ways cybercriminals deploy it are. Who would have thought the ever so familiar Windows Update window would be pressed into malicious service? Picture yourself as Little Red Riding Hood, with the ransomware as the wolf that cybercriminals have dressed up as your grandmother. They no longer set a trap and wait; they dress up as something you trust and wait for you to walk straight in.

Ransomware is as widespread as it is carefully crafted. If you have any questions about Fantom or would like more information, feel free to get in touch with us: give us a call at 1-866-BIT-WISE or send an email to sales@eitnetworks.net.

Posted in AntiVirus, Malware, Security. Tagged: fantom, ransomware
