
Name: Fantom
Type: Crypto Ransomware
Encryption Type: AES-128
Short Description: The malware authors hide the ransomware's malicious activity by presenting it as a critical update for Windows. To add legitimacy, the ransomware's file properties state that it is from Microsoft and is called critical update.
Symptoms: Once a system is infected, the ransomware appends the .fantom extension to each encrypted file. For example, car.jpg would be encrypted as a file named car.jpg.fantom. In each folder, it also creates a DECRYPT_YOUR_FILES.HTML ransom note.
Distribution Method: This ransomware is distributed using various techniques, such as spam emails with fake PDF or Microsoft Word attachments that will not open when launched.
More Details

The Fantom ransom note is shown below:

[Image: Fantom ransom note]

Fantom is an EDA2-based ransomware. It generates a random AES-128 key, encrypts it using RSA, and then sends it to the malware authors' C&C server.

During encryption, it scans the victim's drives for files with targeted extensions; some of those extensions are shown below.

[Image: list of file extensions targeted by Fantom]
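The symptoms listed above (the .fantom suffix and a DECRYPT_YOUR_FILES.HTML note in each folder) can be checked for during triage. The following is an added example, not part of the original write-up: the function names, the confidence labels and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "DECRYPT_YOUR_FILES.HTML"   # ransom note name given on this page
ENC_SUFFIX = ".fantom"                  # extension appended to encrypted files


def scan_tree(root):
    """Walk root and return {folder: {"note": bool, "encrypted": [(enc, original)]}}
    for every folder that contains at least one Fantom indicator."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare case-folded.
        note = any(f.casefold() == NOTE_NAME.casefold() for f in files)
        encrypted = sorted(
            (f, f[: -len(ENC_SUFFIX)])          # car.jpg.fantom -> car.jpg
            for f in files
            if f.casefold().endswith(ENC_SUFFIX) and len(f) > len(ENC_SUFFIX)
        )
        if note or encrypted:
            findings[folder] = {"note": note, "encrypted": encrypted}
    return findings


def confidence(entry):
    """Note plus renamed files in one folder is the pattern the page describes;
    a single indicator alone is weaker evidence (assumed labels)."""
    if entry["note"] and entry["encrypted"]:
        return "high"
    return "low"


def demo():
    """Build a constructed sample tree (not real victim data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "photos").mkdir()
        (root / "photos" / "car.jpg.fantom").write_bytes(b"constructed")
        (root / "photos" / NOTE_NAME).write_text("constructed note")
        (root / "docs").mkdir()
        (root / "docs" / "report.docx").write_text("untouched")
        (root / "misc").mkdir()
        (root / "misc" / "old.FANTOM").write_text("lone renamed file")
        result = scan_tree(root)
        return {Path(k).name: (confidence(v), v["encrypted"]) for k, v in result.items()}


if __name__ == "__main__":
    for folder, (level, files) in demo().items():
        print(folder, level, files)
```

The recovered original names give a quick inventory of affected files to compare against backups.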