Cybersecurity Alert: New Ransomware Poses as a Critical Windows Update

September 7, 2016

Threat Summary

A new ransomware called Fantom is in circulation. Fantom executes an embedded program called WindowsUpdate.exe that displays a fake Microsoft Windows Update screen which obscures all other open windows and prevents you from switching to other applications. Fantom then encrypts your files in the background.

Fantom can infect your computer via email attachments, online ads, and websites. Fantom does not require administrative rights on a machine in order to execute.

For more information, see:

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures to prevent ransomware threats:

  • Ensure anti-virus software is up-to-date.
  • Train employees on how to prevent ransomware threats.
  • Implement a data backup and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location, ideally offline and/or WORM-compliant. Backup copies of sensitive data should not be readily accessible from local networks.
  • Check links contained in e-mails by hovering over them before clicking, and do not open attachments included in unsolicited e-mails.
  • Do not click suspicious online ads and do not visit websites that may not be legitimate.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patch installations for your operating system and web browser.
  • Consider blacklisting executables with the "WindowsUpdate.exe" name, or, preferably, consider implementing application whitelisting.
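
The difference between the two options in the last recommendation, shown as an added example that is not part of the original alert: a name-based deny rule matches only the file name WindowsUpdate.exe, while an allowlist blocks any executable outside approved locations. The event records, user names, paths and approved-directory list are constructed assumptions, and the path check is a simplified stand-in for a real application-whitelisting policy.

```python
import ntpath

# File name the alert suggests blocking (compared case-insensitively).
DENIED_NAMES = {"windowsupdate.exe"}

# Assumed approved directories for this example; a real allowlisting
# policy would normally also use publisher or file-hash rules.
ALLOWED_DIRS = (
    r"c:\windows",
    r"c:\program files",
    r"c:\program files (x86)",
)

# Constructed process-creation records (user, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("alice", r"C:\Windows\System32\notepad.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\WindowsUpdate.exe"),
    ("bob", r"C:\Users\bob\Downloads\invoice_viewer.exe"),
    ("bob", r"C:\Program Files\Vendor\app.exe"),
]


def denied_by_name(image):
    """True if the executable's file name is on the deny list."""
    return ntpath.basename(image).lower() in DENIED_NAMES


def allowed_by_path(image):
    """True if the normalized path sits under an approved directory."""
    path = ntpath.normpath(image).lower()  # collapses '..' segments
    return any(path.startswith(d + "\\") for d in ALLOWED_DIRS)


def evaluate(events):
    """Return, per event, whether each control would block execution."""
    return [
        {
            "user": user,
            "image": image,
            "name_rule_blocks": denied_by_name(image),
            "allowlist_blocks": not allowed_by_path(image),
        }
        for user, image in events
    ]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_EVENTS):
        print(row)
```

On the constructed records, the name rule blocks only the WindowsUpdate.exe entry, while the allowlist also blocks the unrelated executable in the Downloads folder.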

If you have any questions, please contact your ACA Aponix consultant or email us at