Fantom Ransomware Mimics Windows Update Screen. From Softpedia.
Ransomware often tries to disguise its malicious behavior using various tricks. The latest one observed comes from a new variant called Fantom, which shows a fake Windows Update screen while, in reality, it’s encrypting the user’s files.
The ransomware, spotted for the first time only a few days ago by AVG security researcher Jakub Kroustek, is coded on top of EDA2, a ransomware building kit that was open-sourced last year but eventually taken down.
EDA2 contained flaws that allowed researchers to obtain the decryption keys from the ransomware’s C&C server. According to an analysis from Bleeping Computer, those flaws aren’t there anymore, meaning one of the Fantom coders must have found and fixed them.