Fantom Ransomware

What is Fantom Ransomware?

Ransomware is a type of malicious software whose purpose is to extract money from its victims. There are several types of ransomware, but in this article we discuss Fantom Ransomware, which is set to encrypt your files. Removing it is a must if you want to ensure your computer’s security. It is configured to demand a ransom for the key needed to decrypt your files, but there is no guarantee that you will get the key, and that is something you ought to consider. Moreover, the sum of money the developers "ask" you to pay is unknown until you contact them via email. If they happen to be greedy, your files may not be worth the money. Please continue reading to find out more.

Where does Fantom Ransomware come from?

Our security experts say that this ransomware is disseminated via malicious emails sent to random email addresses. The emails appear legitimate, and they may be disguised as invoices and receipts from globally known companies, such as Amazon and eBay. Regardless of how they are presented, the emails feature attachments that look like PDF files but are, in reality, executables that drop Fantom Ransomware’s main executable file, named WindowsUpdate.exe, on your computer. Take note that this malicious program’s distribution methods may not be limited to email spam. It can be distributed in a number of different ways, including exploit kits, software bundling, and so on. The important thing is that this ransomware can infect your computer secretly, and when it starts encrypting the files, you will think that it is an ordinary Windows update.

How does Fantom Ransomware work?

Indeed, Fantom Ransomware is rather unique in the way it starts the encryption process. Once initiated, this ransomware displays a fake Windows Update screen that looks rather believable. However, behind the scenes, it is set to encrypt the files on your computer using the AES-256 cipher and the RSA-2048 cryptosystem. The resulting encryption is quite strong and, currently, there is no decryption tool capable of breaking it.

The files are encrypted with a public encryption key. At the same time, this ransomware generates a decryption key, which is private. This private key is sent to the developers, who then demand that you pay a ransom for it in order to decrypt your files. Once the encryption is complete, this ransomware generates a file called DECRYPT_YOUR_FILES.HTML that functions as the ransom note. In it, the developers state that your files have been encrypted and provide you with steps on how to get them back. The note features a unique ID key that you are expected to send to the developers along with two encrypted files, which they will decrypt and send back as proof that they can decrypt the files. They want to gain your trust, but there is no telling whether they will hold up their end of the bargain when it really counts. Furthermore, you will only discover how much you have to pay when you contact the developers. The price of the key might be too hefty, and, in any case, there is no guarantee that you will get the key.

How do I remove Fantom Ransomware?

We are of the opinion that you should not comply with the demands of the cyber crooks, because they may be greedy and ask for a lot of money, and they might not keep their word and give you the key. Therefore, we advise that you get rid of Fantom Ransomware using either our recommended anti-malware program, SpyHunter, or the manual removal guide featured below. Due to the lack of information regarding this malware’s distribution, you should scan your PC to identify and delete the payload dropper, provided that it is there.

Manual removal

  1. Find and delete the payload dropper.
  2. Hold down Windows+E keys.
  3. Type %TEMP% and press Enter.
  4. Locate WindowsUpdate.exe.
  5. Right-click it and click Delete.
  6. Delete DECRYPT_YOUR_FILES.HTML found on the desktop.
  7. Empty the Recycle Bin.
  8. Done.
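
The manual steps above can also be run as a check-then-delete script. This PowerShell sketch is an added example, not part of the original guide or of any vendor tool: it looks in the two folders the steps name, records a SHA-256 hash and signature status for anything it finds, and deletes only when started with the `-Remove` switch, which is a name assumed for this example.

```powershell
# Added example, not from the article: triage for the artifacts its removal steps name.
# Assumption: the dropper is directly in %TEMP% and the note is on the current user's Desktop.
param(
    [switch]$Remove   # hypothetical switch for this example: delete what was found
)

# File names are from the article; the folders are the ones its steps open.
$targets = @(
    @{ Name = 'WindowsUpdate.exe';       Dir = $env:TEMP },
    @{ Name = 'DECRYPT_YOUR_FILES.HTML'; Dir = [Environment]::GetFolderPath('Desktop') }
)

$findings = foreach ($t in $targets) {
    $path = Join-Path -Path $t.Dir -ChildPath $t.Name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        # A file name alone proves nothing, so record hash and signature status
        # for the incident notes before anything is deleted.
        $sig = if ($item.Extension -eq '.exe') {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Path      = $item.FullName
            SizeBytes = $item.Length
            Created   = $item.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Signature = $sig
        }
    }
}

if (-not $findings) {
    Write-Output 'None of the named files were found in the checked folders.'
    return
}
$findings | Format-List

if ($Remove) {
    foreach ($f in $findings) {
        # Remove-Item bypasses the Recycle Bin, so steps 5-7 collapse into one call.
        Remove-Item -LiteralPath $f.Path -Force
        Write-Output "Deleted $($f.Path)"
    }
}
```

Run it once without `-Remove` and keep the output with your incident notes; a WindowsUpdate.exe that reports a `Valid` signature may be a legitimate file that merely shares the name and deserves a closer look before deletion.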