Warning! New ransomware disguised as Windows Update screen
A few weeks ago, a new ransomware strain known as Fantom was identified. This ransomware is based on the open-source EDA2 ransomware project. Because Fantom uses a fake Windows Update screen, it has the potential to be a huge worldwide threat. A user can easily be tricked into believing that Windows is updating itself, when in reality, this particular ransomware is actually encrypting files in the background.
For years, we’ve told everyone — including our friends and families — that updating a device with the latest security and critical patches is not just a best practice, but a requirement to stay as safe as possible when that device is on the internet. Because Fantom uses a fake Windows Update screen as a disguise mechanism, it will likely snare many victims. Whoever developed this ransomware spent some time making it all appear legitimate. If you look at its file properties, the copyright information is “Microsoft” and the file name is criticalupdate01.exe.
When this ransomware is executed, it launches another embedded program that displays the fake Windows Update screen. And just like a real Windows Update screen, there is even a percentage counter running while it encrypts a user’s files in the background. The fake screen doesn’t allow the user to switch to other applications. Although there are notifications that the good old <ctrl>-<F4> command will kill this fake application, the encryption in the background still continues.
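The "Microsoft" copyright string in the file properties is ordinary version-resource metadata that any author can set, so the useful check is whether a valid Authenticode signature backs the claim. The script below is an added example, not code from the original article; the `$ScanPath` default and the `Test-MicrosoftClaim` function name are assumptions chosen for illustration.

```powershell
# Added example: list executables whose version info claims Microsoft
# but whose Authenticode signature does not back that claim.
# $ScanPath is an assumed location; point it at the folder to review.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads"
)

function Test-MicrosoftClaim {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $info = $File.VersionInfo
    # Version-resource strings are plain metadata; anyone can set them.
    $claimsMicrosoft = ($info.LegalCopyright -match 'Microsoft') -or
                       ($info.CompanyName    -match 'Microsoft')
    if (-not $claimsMicrosoft) { return }

    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # The claim is backed only by a signature that validates and whose
    # signer certificate is issued to Microsoft Corporation.
    $backed = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
    if (-not $backed) {
        [pscustomobject]@{
            Path      = $File.FullName
            Copyright = $info.LegalCopyright
            SigStatus = $sig.Status
            Signer    = $signer
        }
    }
}

# Report every mismatch found under the scan path.
Get-ChildItem -LiteralPath $ScanPath -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-MicrosoftClaim -File $_ } |
    Format-Table -AutoSize -Wrap
```

A file that appears in the output with `SigStatus` of `NotSigned` or `HashMismatch` carries a Microsoft label without a signature to support it and deserves a closer look before anyone runs it.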
via the fine folks at Veeam Software