Fake Windows Update is Actually Fantom Ransomware Encrypting Your Files
by TUCU Managed IT Services in Toronto

Fantom is a new ransomware that mimics a real Windows update. It displays a fake Windows Update screen while it encrypts your files in the background. It is part of a growing trend of viruses that look like software we know and trust. And because we often work on autopilot, something like this can slip by us during a busy workday.
Awareness and user training help reduce risk, so please do share this blog post with your entire team.
Small businesses, especially those with remote or home users, can be at greater risk because they don’t have systematic Windows Updates performed, end-to-end network security, or commercial-grade antivirus on every machine. The closing of these security gaps is what makes managed IT services for small business so valuable, even though companies usually sign up for the unlimited computer support that is included.
A mid-2016 Trend Micro report showed that more new ransomware families appeared in the first half of 2016 than throughout all of 2015 combined - with a total of 79 new ransomware families in circulation.
Now more than ever, small businesses need to be reviewing their computer network security with the help of a skilled professional.
Fantom Ransomware - What to Look For
Look for any suspicious incoming file or download, especially one claiming to be a Windows Update which has a file name of WindowsUpdate.exe.
If you accidentally install this virus, your entire screen will be filled with a fake update screen - see screenshot below, courtesy of Bleeping Computer.
You can close this screen by using Ctrl+F4; however, this will not stop your files from being encrypted.
If you’re unsure whether or not you’re infected with the Fantom Ransomware, take a look at some of your file extensions - Fantom will change encrypted files to show a .fantom extension.
Once all files are encrypted, the virus will wipe off all traces of itself, leaving only your encrypted files and a ransom note - see screenshot below.
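The two checks described above (a file named WindowsUpdate.exe and files ending in .fantom) can be run across a whole folder tree instead of by eye. This is an added example, not part of the original post; the function names and report layout are assumptions made for illustration.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".fantom"            # extension the article says Fantom gives encrypted files
SUSPECT_NAME = "windowsupdate.exe"   # file name the article says to watch for

def triage(root):
    """Walk root; return (Counter of .fantom files per folder, list of WindowsUpdate.exe paths)."""
    encrypted = Counter()
    suspects = []
    # onerror swallows unreadable folders so one access-denied does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
            elif lower == SUSPECT_NAME:
                suspects.append(os.path.join(dirpath, name))
    return encrypted, suspects

def report(root):
    """Return human-readable findings, worst-hit folders first."""
    encrypted, suspects = triage(root)
    lines = [f"SUSPECT EXECUTABLE  {path}" for path in suspects]
    for folder, count in encrypted.most_common():
        lines.append(f"ENCRYPTED FILES     {count:>5}  {folder}")
    # The article notes the malware removes itself when finished, so a missing
    # executable proves nothing; the .fantom count is the stronger signal.
    return lines or ["No .fantom files or WindowsUpdate.exe found"]

if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for line in report(start):
        print(line)
```

Run it against a user profile or a mapped share; folders with the highest counts show which backups need to be restored first.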
What To Do If You’re Infected With The Fantom Virus
Unfortunately, at the moment, there is no way to decrypt files locked by Fantom Ransomware. At this point, you will need to format your computer and recover files from backup. If you need computer help to do this, call your IT Provider, or call us for computer support in Toronto, Durham Region and the GTA. (416) 292-3300.
Avoid Ransomware Infection
Prevention is key and these are some guidelines to limit your risk of ransomware infection.
Back Up Your Data – All users should regularly back up their data, especially sensitive and important files. It’s important to perform daily or weekly backups so if you’re ever infected you can restore without losing too much work. It’s also important that your data backup method is not attached to your network, as many types of ransomware can encrypt anything on your network, backup files included.
Use A Strong Antivirus Solution – Most commercial-grade antivirus software has detections already in place to thwart the Fantom Ransomware, so be sure to use a strong antivirus solution on every computer, even those used occasionally, and ensure the software is updated weekly.
Be Vigilant – When opening new emails or viewing an unfamiliar website it’s best to be suspicious of anything from an unknown sender or anything unexpected or out of the ordinary from a known sender. Only download files from well-known, trusted websites. Be wary of free clip art, games and apps sites.
Refresh & Remind - Review computer security at your team meetings to remind existing team members of good practices and to introduce these practices to new employees. You can find more tips to help reduce ransomware infections in this post.
IT Security Services In Toronto ON: TUCU is an IT Services Provider in Toronto ON, offering IT security assessment, remediation and support. Schedule your free phone consultation to discover how we can help you limit exposure and protect your business.