A new ransomware called Fantom was discovered by AVG malware researcher
Jakub Kroustek that is based on the open-source
EDA2 ransomware project. The Fantom Ransomware uses an interesting feature of displaying a fake Windows Update screen that pretends Windows is installing a new critical update. In the background, though, Fantom is secretly encrypting a victim's files without them noticing.
Unfortunately, there is no way to currently decrypt the Fantom Ransomware and usual methods for get EDA2 based ransomware keys are not available with this variant. For those who wish to discuss this ransomware or need support, you can use the
Fantom Ransomware Help Support Topic.
Fantom disguises itself as a Critical Windows Update
The developers behind the Fantom Ransomware make an extra effort to hide it's malicious activity by pretending the program is a critical update for Windows. To add legitimacy, the file properties for the ransomware states that it is from Microsoft and is called critical update.
