Malware that disguises itself as a Microsoft Windows update has been causing a stir over the past few weeks.

The threat – Fantom – appears in front of users as a ‘Critical Windows Update’ encouraging them to immediately download it. Designed to look exactly like a genuine update, many users fall victim to the phony alert.

After clicking download, a program [WindowsUpdate.exe] is activated which displays an update screen. Whilst the sham update is taking place, the update screen takes away the user’s ability to switch between applications.

Unknowingly, the ransomware has begun to infect the system by quietly encrypting files, with the intention to hold the data for ransom.

Once the files are fully encrypted, a ransom message will appear with the name Decrypt_Your_Files.HTML. The message will include instructions on how to send payment to the cyber criminals to recover the encrypted files. The victim is given just one week to pay the ransom before their files are “destroyed”.

This nasty strain of ransomware was discovered by malware researcher, Jakub Kroustek, from the software company AVG. Kroustek noted that the creators had gone to great lengths to make the update look as authentic as possible and even included Microsoft’s copyright and trademark information in the properties.

Fantom can be extremely dangerous to SMEs as it imitates a screen that many employees would recognise. The cyber criminals are expecting employees to take the upgrade as legitimate and download it without a second thought. Remote workers are particularly vulnerable as they may be used to installing their own updates.

Backup for every eventuality

Despite such dangerous malware at large, our recent Backup and Disaster Recovery (BDR) report reveals, 46% of SMEs have never tested their backup and recovery plan. 

So, if disaster struck and an SME became one of the unlucky few to encounter malware such as Fantom, there is no way of knowing if their BDR plan actually works.

Quite often, if the victim has not backed up their data, they are forced to pay the ransom to retrieve their files. Even worse than that, paying the ransom is not a guarantee that the user will get their files back.

If you have concerns about leaving your business open to the unexpected or just want advice about a BDR plan, get in touch with our experts at Riverbank on or call 01235 426700.

We hope you’ll never need your backup, but if you do, we’ll make sure that restoring your business to normal working order is as smooth a process as possible. At Riverbank we provide backup solutions for businesses in a huge range of industries, with diverse security requirements, operating with both traditional and cloud-based IT. What we’re trying to say is: we’re here to back you up.