Fake Windows Update is Actually Ransomware

A new strain of ransomware is making its way around the Internet, and what makes this version so nefarious is that it disguises itself as a Windows update.

What happens is that an attachment in a phishing email, when clicked, actually launches a process that brings up a prompt advising the user that an important Windows update is available. People go along with it thinking that they are doing the right thing by keeping their computer up to date.

The ransomware itself is called “Fantom,” and the executable that starts the process is “CriticalUpdate01.exe.” Once executed, it extracts “WindowsUpdate.exe,” and the screen displayed as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.

But what’s actually happening is that your files are being encrypted. The next thing you’ll see is a screen telling you all your data has been encrypted:

[Image: Fantom ransom screen]

At this point your only options will be to restore all data from a backup or pay the ransom.

So what can you do to stay safe? Here are 5 basic steps to take.

  • Remind all your users never to open or click on links in messages they are unsure of
  • Don’t run Windows in Administrative mode
  • Make sure you have a good and up-to-date antivirus/anti-malware product installed
  • Be sure your Windows firewall is working and up to date
  • Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit
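
The two file names given above also give defenders something concrete to look for in process-creation logs. The following is an added example, not part of the original article: it triages events that use the Sysmon process-creation (Event ID 1) field names `Image` and `ParentImage`, and goes slightly beyond the exact names by also flagging update-themed binaries in user-writable folders. The sample events, the paths, the folder list and the `triage` function are constructed assumptions.

```python
import ntpath

# File names reported in the article for the Fantom dropper and its payload.
DROPPER = "criticalupdate01.exe"
PAYLOAD = "windowsupdate.exe"
# Assumption: directories a standard user can write to; adjust for your estate.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def triage(events):
    """Return (severity, reason, image) for each suspicious process-creation event.

    Each event is a dict with 'Image' and 'ParentImage' keys, the field names
    Sysmon uses for process creation (Event ID 1).
    """
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        name = ntpath.basename(image).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        in_user_dir = any(d in image.lower() for d in USER_WRITABLE)

        if name == PAYLOAD and parent == DROPPER:
            findings.append(("high", "dropper spawned payload", image))
        elif name == DROPPER:
            findings.append(("high", "dropper name executed", image))
        elif name == PAYLOAD and in_user_dir:
            findings.append(("medium", "payload name in user-writable path", image))
        elif "update" in name and in_user_dir:
            # Names are trivial to change, so also flag look-alikes for review.
            findings.append(("low", "update-themed binary in user-writable path", image))
    return findings


# Constructed sample events, not taken from a real incident.
SAMPLE = [
    {"Image": r"C:\Users\alice\Downloads\CriticalUpdate01.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\WindowsUpdate.exe",
     "ParentImage": r"C:\Users\alice\Downloads\CriticalUpdate01.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Users\bob\AppData\Roaming\FlashUpdate.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for severity, reason, image in triage(SAMPLE):
        print(f"[{severity}] {reason}: {image}")
```

File names are easy for an attacker to change, so treat a match as a triage lead rather than a verdict, and expect the low-severity rule to need tuning against legitimate per-user updaters.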

Everyone stay safe out there!

Author: Glenn Mores

President & CEO, MicroData