Slashdot Mirror


New Ransomware Poses As A Windows Update (hothardware.com)

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."

5 of 89 comments

  1. Hardly news.. by dimethylxanthine · Score: 5, Funny

    Sounds like any other Windows update. Especially the one with the "Upgrade to Windows 10" popup... :D

    1. Re: Hardly news.. by belthize · Score: 3, Insightful

      I still struggle to understand the portion of the brain that drives tribalism. It gives rise to a long list of the rather irrational emotional responses of
      - my sports team great your sports team bunch of cheating losers even though they're statistically identical.
      - My religion good yours bad even though to an outsider they're nearly indistinguishable except you spin clockwise rather than counter clockwise on alternate Tuesdays.
      - My political party good yours bad even though neither is driven by anything other than the self interests of the party itself and their leaders.
      - My OS good yours bad even though they're simply very complicated hammers for different nails.
      - My race good your race bad even though genetically they're indistinguishable.

      Some people simply seem to have a brain with stronger response wiring. From an evolutionary standpoint there's utility in having such varied response since it affects churn rate when two populations come into contact, still it'd be nice if we could tamp it down some, it's sliding from useful to dangerous in terms of utility.

    2. Re: Hardly news.. by Cariset · Score: 2

      It's Kipling's law of the jungle, which reads the same forward and back:
      "the pack is the strength of the wolf, and the wolf is the strength of the pack."

      I think it's analogous to how we Earthlings don't just rely on abstract logic to reproduce our genes, but instead have strong, inbuilt, irrational urges that drag us in that direction whether our reason thinks it wise or not. We can work around it, we can rationalize our actions, but it's still lurking in the bottoms of our brains.

      Having a tribe that will join together to defend you is a huge deterrent to an attacker. Unless the attacker can manage to isolate their target and sever their social bonds. (E.g., abusive relationships, and the discussion of slavery in "Debt: the first 5000 years".)

      Them's my two cents, anyway. :-)

  2. Re:Why are unauthorized popups still a thing? by Sigma+7 · Score: 3, Funny

    Why are unauthorized popups still a thing?

    The latest ones I encountered no longer do popups, but instead use JavaScript to redirect the page to some third party website (or even a data:// URL.)

    Not technically popups, but still something just as trivial.

    Seriously? Why is this allowed in modern web browsers?

    Perhaps some Netscape 2.0-4.x developer thought it was a good idea to automatically execute anything on an HTML page - despite the well known examples of viruses that try infecting every DOS program, or every boot sector.

  3. Re:Vultures by sbjornda · Score: 4, Insightful

    To an adolescent brain

    I don't think you understand the business model. These are not "script kiddies" (they don't exist any more). This is organized crime.

    I was only 50th percentile.... I hated school. After the first 5 minutes of any given lecture, I could have taught the damn course.

    This does not compute. Your professors didn't get where they were by being 50th percentile as undergrads.

    --
    .nosig