Fantom Ransomware Removal Guide

Fantom Ransomware is a malicious application whose purpose is to encrypt your personal files using a military-grade encryption algorithm and demand that you pay a ransom for the decryption key. The encryption method used is quite strong, and security researchers have yet to break this ransomware’s unique encryption, so there are no means of decrypting the files free of charge. For this reason, we suggest removing this infection simply because there is no guarantee that you will receive the decryption key once you have paid. We have acquired a sample of this malicious program and tested on one of our test computers. Below is an analysis and overview of our findings.

This application was created by cyber criminals that seek to extract money from you. Fantom Ransomware is designed to enter your computer secretly. According to our research, its executable is named WindowsUpdate.exe which is a deceptive name that aims not to raise suspicion. It is set to be dropped in the %TEMP% folder where many temporary files are stored by the system. Once on your computer, this executable will run automatically and will initiate a bogus Windows update screen in full screen. While this window is shown, the ransomware encrypts the targeted file formats. If you are quick to react, however, you can hold down the Alt+Tab keys, go to Task Manager and “End task” the WindowsUpdate.exe process.

However, if this ransomware completes the encryption, then it is too late to do anything because your files are likely to stay encrypted indefinitely. Our research has revealed that Fantom Ransomware uses the RSA-4096 and AES-256 encryption algorithms to encrypt most of the files stored on your computer. This ransomware generates a unique private decryption key that is sent to the Command and Control Server set up by its developer. Note that the private decryption key must match the public encryption key in order to decrypt the files, so using the decryption key of another computer whose files have been encrypted is futile.

At any rate, if the file encryption was successful, Fantom Ransomware will drop an HTML file named DECRYPT_YOUR_FILES.HTML on the desktop. In actuality, this file is the ransom note that gives you instructions on what to do to get your files back. It says that you have to send the unique user ID to one of two provided email addresses and two encrypted files that will be sent back decrypted along with the decryption key. We do not know how much money the cyber criminals want their victims to pay because they probably state the sum only if they contact the criminals. They will probably ask you to pay the ransom in Bitcoins as it is the most secure payment method that will not leave a trail. We warn you that there is no guarantee that you will get the promised decryption key after you have paid the ransom because you simply cannot trust cyber crooks to keep their word.

At present, we do now know how this particular ransomware is distributed. Nevertheless, we have a hunch that, like most ransomware, it is being sent in email spam. We think that it has some kind of dropper file that, when run, runs a malicious script that bypasses Windows security and drops and automatically runs WindowsUpdate.exe. So be sure to try and validate the legitimacy of the email and delete it if it looks suspicious.

If you have decided not to pay the random and remove Fantom Ransomware, then please refer to the guide presented below. However, if you experience difficulties, then we highly recommend that you remove this ransomware using our featured antimalware application called SpyHunter as our tests have shown that it is entirely capable of locating and eradicating this infection.

How to delete Fantom Ransomware

1. Delete the payload dropper file.
2. Press Windows+E keys.
3. Enter %TEMP% and hit Enter.
4. Find WindowsUpdate.exe, right-click it and click Delete.
5. Delete DECRYPT_YOUR_FILES.HTML from the desktop.
6. Empty the Recycle Bin.