Although relatively new, ransomware is proving to be quite a menace for internet users across the globe. Reported incidents of attacks through this malware are becoming more and more prevalent as most people are unaware of such a threat.
What is Ransomware?
Ransomware is a type of computer malware that blocks access to the user’s computer by displaying a lock screen. It also encrypts files on your computer so that they cannot be accessed and prevents certain apps and programs from running on the system. It then demands a monetary ransom in exchange for the hijacked data before allowing access to the computer. In fact, even after the ransom is paid, there is no guarantee that the attackers will release the blocked data. Ransomware can be installed on a system through deceptive links in instant messages, emails or suspicious websites.
Types of Ransomware:
There are primarily two types of ransomware that have been identified to date: Encryption ransomware and Lock-screen ransomware.
Encryption ransomware: This ransomware allows an attacker to encrypt all the files on your computer, preventing the user from accessing them. This can also affect associated programs, which may fail to function until the hijacked data is ransomed. The attackers then demand a ransom in return for the decryption key, which would allow the user to regain access to the files.
Lock-Screen ransomware: If the above malware wasn’t scary enough, lock-screen ransomware takes things a step further and locks you out of your system. This means you’re unable to access any files, let alone look for help online, as this ransomware will not allow you to do anything. It locks the computer with a full-screen message and prevents you from accessing your system or files. It then demands a ransom to restore access to your PC, with a warning that your data will be lost if you try to decrypt it through other means.
Apart from the above, a couple of similar malware threats have also surfaced. The first is aimed at users who are especially concerned about their system’s security: it is designed to trick people who are obsessive about keeping their systems and devices up to date. The second specifically targets Linux users, meaning that there is no safety from this Godzilla. Let us take a more detailed look at what these new threats are and how they work.
- Fantom Ransomware:
The first ransomware threat is known as Fantom and is specially designed to target users who are overly enthusiastic about installing the latest system updates on their computer. It disguises itself as a critical update for Windows to make its way onto a user’s computer.
Fantom Ransomware: Lesser Known Facts
- This Ransomware is based on the open-source EDA2 ransomware project.
- Fantom encrypts files using AES-128 encryption, and there are no means available to decrypt files encrypted by Fantom.
How does it work?
This ransomware reaches users by disguising itself as a Windows update. It displays a phony Windows Update screen asking them to download a new critical Windows update. Fake details such as a Microsoft copyright and a “Critical Update” file name have been added to this screen to make it appear legitimate. Once you agree to download, the malware starts working in the background and begins encrypting files. It also extracts and runs another program called “WindowsUpdate.exe”, which initiates a full-screen update display. This display includes a percentage meter and a reminder not to turn off the PC. While this screen is displayed, the program will not let the user switch applications.
When Fantom finishes encrypting files, it displays a ransom note, Decrypt_Your_Files.HTML. The note shows the user’s ID key and directions for decrypting the files and regaining access to the system.
- Fairware Ransomware:
The second ransomware, dubbed ‘Fairware’, targets Linux users. According to initial reports, attackers hack Linux servers and remove the website folder, replacing it with a ransom note called READ_ME.txt. The note demands a payment of two bitcoins (in most cases) from the victim to regain access to those files. However, even after the demanded payment is made in bitcoin, there is no certainty that the files will be released. The attackers do not encrypt files in this attack; instead, they retain the files and upload them to a server under their control.
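A quick triage check for the two ransom-note file names described above, as an added example that is not part of the original article. The directory layout is constructed sample data, and flagging a note that is the only entry in its directory (as a sign the site content was removed) is an assumption of this sketch.

```python
import os
import tempfile

# Ransom-note file names as given in the article (matched case-insensitively).
NOTE_NAMES = {"decrypt_your_files.html": "Fantom", "read_me.txt": "Fairware"}


def find_ransom_notes(root):
    """Return sorted (family, path, lone) tuples for note files under root.

    lone is True when the note is the only entry in its directory. Treating
    that as the sign of a removed site folder is an assumption of this
    example; READ_ME.txt beside other files is usually a harmless readme.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            family = NOTE_NAMES.get(name.lower())
            if family:
                lone = len(filenames) == 1 and not dirnames
                hits.append((family, os.path.join(dirpath, name), lone))
    return sorted(hits)


def build_sample_tree(base):
    """Create a constructed directory tree to scan (sample data, not real)."""
    layout = {
        "www/site_ok": ["index.html", "READ_ME.txt"],   # ordinary readme
        "www/site_wiped": ["READ_ME.txt"],              # content gone, note left
        "home/docs": ["report.docx", "Decrypt_Your_Files.HTML"],
    }
    for rel, files in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in files:
            with open(os.path.join(folder, name), "w") as fh:
                fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for family, path, lone in find_ransom_notes(tmp):
            level = "HIGH" if lone or family == "Fantom" else "review"
            print(f"{level:6} {family:8} {os.path.relpath(path, tmp)}")
```

Because READ_ME.txt is a common file name, a match next to ordinary site files only warrants a manual look, while a match sitting alone in an otherwise empty web directory deserves immediate attention.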
Data Backup is the Key:
As we witness numerous ransomware attacks these days, the best way to stay safe from such threats is to safeguard crucial data. The best way to secure data from any ransomware attack is to take a backup of the data on the cloud or to another drive. You can also use cloud backup services like “Right Backup” to secure your data from any ransomware threat.