New Ransomware Poses As A Windows Update

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.
While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."

Hardly news..

[dimethylxanthine]

Sounds like any other window update. Especially the one with the "Upgrade to Windows 10" popup... :D

Re:

[Zontar The Mindless]

Do you really enjoy talking to yourself so very much?

Re:

[ihtoit]

wow, that went sideways fast, huh?

Re:

[ihtoit]

oh, wow, ok, simple test: 1394 support. Windows 10? Only if you can get the legacy driver from xp to work. Linux? Plug it in and rock on.

When you have to plug in a curse every other word, you've already lost...

Re: Hardly news..

[belthize]

I still struggle to understand the portion of the brain that drives tribalism. It gives rise to a long list of the rather irrational emotional responses of
- my sports team great your sports team bunch of cheating losers even though they're statistically identical.
- My religion good yours bad even though to an outside they're nearly indistinguishable except you spin clockwise rather than counter clockwise on alternate Tuesdays.
- My political party good yours bad even though neither is driven by anything other than the self interests of the party itself and their leaders.
- My OS good yours bad even though they're simply very complicated hammers for different nails.
- My race good your race bad even though genetically they're indistinguishable.

Some people simply seem to have a brain with stronger response wiring. From an evolutionary standpoint there's utility in having such varied response since it affects churn rate when two populations come into contact, still it'd be nice if we could tamp it down some, it's sliding from useful to dangerous in terms of utility.

Re: Hardly news..

[Cariset]

It's Kipling's law of the jungle, which reads the same forward and back:
"the pack is the strength of the wolf, and the wolf is the strength of the pack."

I think it's analogous to how we Earthlings don't just rely on abstract logic to reproduce our genes, but instead have strong, inbuilt, irrational urges that drag us in that direction whether our reason think it wise or not. We can work around it, we can rationalize our actions, but it's still lurking the in the bottoms of our brains.

Having a tribe that wi

Re:

[runningduck]

Are you trying to draw a parallel between people who have a beef with Microsoft with racists?

- My OS good yours bad even though they're simply very complicated hammers for different nails.
People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

- My race good your race bad even though genetically they're indistin

Re:

[Anonymous Coward]

It looks more like he was questioning why AC got so butthurt over facts.

Re:

[Archangel Michael]

One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

You mean like the SF quarterback who is among the %01, raised by white parents when his black parents abandoned him, complaining about being "oppressed"?

IF there are systemic impediments that create an uneven playing field, it is by those who keep insisting that there are impediments even in the face of all the proof in the world that such things do not exist, because the belief is what is holding these people back.

Or, think of it this way, the whole DNC "you can't make it because rich white people are keep

Re:

[Nunya666]

Are you trying to draw a parallel between people who have a beef with Microsoft with racists?

My OS good yours bad even though they're simply very complicated hammers for different nails.

People get frustrated because a monopoly power has a long history of poor design decisions and forcing users to apply "updates" that create more flaws which leads to unpreventable system compromises. Seems like a legitimate reason to hold a grudge to me.

This I agree with.

My race good your race bad even though genetically they're indistinguishable.

One race instills systematic impediments that create an uneven playing field holding back other races from equitably participating in the riches of our society. This is just wrong!

This is completely wrong. A race does not "instill systematic impediments" - individual people do that.

Note that I'm not trying to say that racism is good or bad. I'm just pointing out that your argument has no merit.

Re:

[runningduck]

"This is completely wrong. A race does not "instill systematic impediments" - individual people do that." OK, I stand corrected: individual of a specific race instill systematic impediments.

"Note that I'm not trying to say that racism is good or bad." I would hate for you to go out too far on such a moral limb.

Re:

[Archangel Michael]

Tribalism is based on Evolutionary group behavior. Humans cannot really survive well as individuals in an evolutionary setting.

You cannot nullify millions of years of evolution by simply willing it away. So, while you "struggle to understand", I don't struggle to understand, because it is easy to understand. It isn't an "irrational emotional response", it is bred into us, and is pure instinct, just like breading itself is.

The other option to this is that we are not millions of years old evolutionary creatur

Re:

[belthize]

I get the evolutionary cause for tribalism, I mentioned it. I also understand the need for variance in tribal response since it effects churn rates.

What I struggle to understand is the variance and how to tackle it. When faced with somebody who has a strong tribal impulse most people's response is to simply ignore them or yell back louder, neither is effective.

One of the interesting (to me) changes in the past 20 years is the impact the internet has had on tribalism and 5 sigma personalities. 30 years ag

Re:

[Archangel Michael]

Gotcha.

The internet is creating links between people who otherwise wouldn't get those links in their own "local" tribe. The problem here is that technology we use to connect with others that we like (our tribes), is also used by people who connect up with people they like (their tribes). And while the internet has connected the world up, it is also caused us to disconnect from those around us.

The net positives (Progress) outweighs the negatives (previously isolated "nuts" are now forming their own tribes).

Re:

[belthize]

Interesting conversation though I think you're misconstruing my noting a characteristic as passing judgement on it.

In no way was I implying subjective good or bad net effect, just that it has a negative impact in some area. I personally believe the net effect is exceedingly positive but with it comes a rather interesting downside, driven by evolutionary tribal responses which predate the current environment by millions of years.

All in all I suspect we're in agreement.

Re:

[Applehu Akbar]

There's another Unix-based operating system out there, you know.

Re:

[Anonymous Coward]

I'd rather get fucked in the ass over and over again for days on end with a rusty knife

Right this way sir. Your room is ready. I hope your experience is everything you expect it to be.

Re:

[OneHundredAndTen]

Take your Valium and go back to sleep. You are not in any shape for this kind of stress.

Re:

[khelms]

Yes, but I came here for an argument!!

OH! Oh! I'm sorry! This is abuse!

Re:

[K. S. Kyosuke]

That would be "New Windows update poses as ransomware", right?

Re:

[StillAnonymous]

"New Microsoft Malware Poses as Operating System"

Re:

[Applehu Akbar]

No reason people who create/operate this kind of stuff should not be hunted down and summarily executed.

The FBI operates in all countries outside of ISIS territory now, and can be invoked to do your bidding so long as you can show that the ransomware violated someone's copyright.

Re:

[Opportunist]

You know, it's kinda funny that there's not yet a service where someone who knows that kind of trash would grab them, hang them from their toes and sell viewing rights to see them being tortured for a few hours.

Send 1 bitcoin and watch the ransomware asshole being sliced millimeter by millimeter, starting at the soles of their feet...

Why are unauthorized popups still a thing?

[Anonymous Coward]

Seriously? Why is this allowed in modern web browsers? I haven't seen one in forever, though part of that may be my use of various addons like ad-blocks and No-Script.

It seems there's NO excuse at all, at ALL, for unauthorized pop-up windows nowadays.

Re:Why are unauthorized popups still a thing?

[Sigma 7]

Why are unauthorized popups still a thing?

The latest ones I encountered no longer do popups, but instead use Javascript to redirect the page to some third party website (or even a data:// url.)

Not technically popups, but still something just as trivial.

Seriously? Why is this allowed in modern web browsers?

Perhaps some Netscape 2.0-4.x developer thought it was a good idea to automatically execute anything on an HTML page - despite the well known examples of viruses that try infecting every Dos program, or every boot sector.

And the folks in Redmond say,

[jenningsthecat]

"Get off my turf, punk!"

Vultures

[Anonymous Coward]

I hate people who do this. If you can write software, you can have a comfortable life without doing shit like this. What a waste.

Re:Vultures

[sbjornda]

To a adolescent brain

I don't think you understand the business model. These are not "script kiddies" (they don't exist any more). This is organized crime.

I was only 50th percentile.... I hated school. After the first 5 minutes of any given lecture, I could have taught the damn course.

This does not compute. Your professors didn't get where they were by being 50th percentile as undergrads.

--
.nosig

Re:

[ihtoit]

corporate Darwinism at its best, right there. :)

So how do we expose ourselves to the threat?

[Anonymous Coward]

TFA misses the most important part of the story. What is it we might do that exposes us to this malware?

(Apart from running Windows that is)

As far as I know my browser cannot access my files so nothing on the web I click on can cause this problem. In theory.

If there is a buggy browser that allows this I want to know which it is.

Anyone have a link to the ransomware site?
 

Which attack vector? Drive by website? Email?

[ziani]

That would seem to be important, no?
Thanks.

P.s. TFA does not specify.

Re:

[lytlebill]

Looks like a standalone executable, from this article on Bleepingcomputer:

http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/ [bleepingcomputer.com]

Re:

[ziani]

Thank you!

Re:

[Opportunist]

No, c'mon, stop the propaganda. Windows is very well capable of this feat even without any updates!

Game changer?

[manu0601]

Is it a game changer? Previously, ransomwares were encrypting your files silently in the background, and now it does the same while displaying a Windows update box. No big change.

Ironically,

[God of Lemmings]

It only forces you to pay once, while the actual windows 10 update forces you to pay continually.

Well the good news is...

[The_Revelation]

Anyone affected has a pretty good case to have Microsoft reimburse them for any losses - after all, MS has been using these exact same tactics for the past year, so at this stage, users won't hesitate to run anything MS sends them - particularly if it carries the promise of finally fixing some of these game-breaking bugs that have been thrust upon us my our most gracious overlords at Microsoft - also, Windows 10 is SO secure, it would never let the cryptolocker run - and certainly not in the background.