SYMBOLCOMMON_NAMEaka. SYNONYMS
win.fantomcrypt (Back to overview)

FantomCrypt


According to PCrisk, Fantom is a ransomware-type virus that imitates the Windows update procedure while encrypting files. This is unusual, since most ransomware encrypts files stealthily without showing any activity. During encryption, Fantom appends the names of encrypted files with the ".locked4", ".fantom" or ".locked" extension.

References
2016-08-29WebrootTyler Moffitt
Fantom ransomware impersonates Windows update
FantomCrypt

There is no Yara-Signature yet.