|Encryption Type||AES-128|
|Short Description||The malware authors hide the malicious activity by presenting the ransomware as a critical update for Windows. To add legitimacy, the file properties of the ransomware state that it is from Microsoft and that it is called a critical update.|
|Symptoms||When the ransomware infects a system, it appends the .fantom extension to each encrypted file. For example, car.jpg would be encrypted as a file named car.jpg.fantom. In each folder, it also creates a DECRYPT_YOUR_FILES.HTML ransom note.|
|Distribution Method||This ransomware uses various techniques for its distribution, such as spam emails with fake PDF or Microsoft Word attachments that will not open when launched.|
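The two symptoms in the table can be checked for directly on a disk or file share. The Python below is an added example, not part of the original write-up: the function names and the sample folder layout are constructed for illustration, case-insensitive matching is an assumption, and only the .fantom extension and the DECRYPT_YOUR_FILES.HTML note name come from the table.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".fantom"             # extension named in the Symptoms row
RANSOM_NOTE = "DECRYPT_YOUR_FILES.HTML"  # note filename named in the Symptoms row


def scan_tree(root):
    """Walk root and return {folder: {"note": bool, "encrypted": [(current, original)]}}
    for every folder that shows at least one of the two symptoms."""
    findings = defaultdict(lambda: {"note": False, "encrypted": []})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively, as Windows does
            if lower == RANSOM_NOTE.lower():
                findings[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Stripping the appended suffix recovers the original file name.
                findings[folder]["encrypted"].append((name, name[: -len(ENCRYPTED_SUFFIX)]))
    return dict(findings)


def triage(findings):
    """'confirmed' when a folder has both the note and encrypted files, else 'suspect'."""
    return {
        folder: "confirmed" if hit["note"] and hit["encrypted"] else "suspect"
        for folder, hit in findings.items()
    }


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected share."""
    layout = {
        "photos": ["car.jpg.fantom", "DECRYPT_YOUR_FILES.HTML"],
        "docs": ["report.docx.FANTOM"],  # renamed file, but no note in the folder
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, verdict in sorted(triage(scan_tree(tmp)).items()):
            print(verdict, os.path.relpath(folder, tmp))
```

Folders marked "suspect" show only one of the two symptoms and are worth a manual look before being counted as affected.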
The ransom note of Fantom ransomware is shown below.
Fantom is EDA2-based ransomware: it generates a random AES-128 key, encrypts it using RSA, and then communicates it to the malware authors' C&C server.
During encryption, it scans the victim's drive for files with particular extensions, some of which are given below.