
'fantomd12@yandex.ru' Ransomware

Posted: December 28, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 5,078
First Seen: December 28, 2016
Last Seen: July 26, 2022
OS(es) Affected: Windows

The 'fantomd12@yandex.ru' Ransomware is a variant of the older Fantom Ransomware, a threat that encrypts your files to extort a ransom payment. Both Trojans show high-visibility symptoms, such as ransom pop-ups, but only after the possibly permanent file damage has already occurred. Anti-malware protection that removes the 'fantomd12@yandex.ru' Ransomware automatically, together with separate backups of any valuable content, remains the viable and ideal response to this threat's campaign.

An Old Trojan Name Coming Back for More

While the Fantom Ransomware isn't the largest family of Trojans ever seen, some threat actors appear happy to keep using it for continuing extortion campaigns. Their new product, the 'fantomd12@yandex.ru' Ransomware, uses a slightly modified ransom pop-up but, in most other respects, carries out the same attacks malware experts have confirmed in the earlier members of its line. As usual, the intended damage targets the victims' local files, which the Trojan encrypts with AES.

The cipher the 'fantomd12@yandex.ru' Ransomware actually uses, AES-128, is not the 'military-grade' encryption its pop-up falsely claims. The strength of the file cipher is not what blocks recovery, however: by adding a second layer of RSA encryption that protects the AES key, the 'fantomd12@yandex.ru' Ransomware leaves nothing on the infected PC from which the key could be rebuilt, which shuts down the decryption research that otherwise might give PC users options for recovering their files without paying the ransom.
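The hybrid scheme described above, as an added illustration that is not the page's or the Trojan's own code: each file gets a fresh AES-128 key, and that key is wrapped with the operator's RSA public key, so the sample on the victim's machine carries only material that cannot be decrypted without the private half. AES-GCM as the mode, RSA-OAEP as the wrapping, the 2048-bit key size, the file name and the plaintext are all assumptions made for the example; the page names only AES-128, RSA and the '.fantom' extension.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// lockedExt is the extension the page reports the Trojan appending to locked files.
const lockedExt = ".fantom"

// LockedFile models one encrypted file as a researcher would find it on disk:
// the ciphertext plus the per-file AES key wrapped under the operator's RSA
// public key. The operator's private key never touches the victim machine.
type LockedFile struct {
	Name       string
	WrappedKey []byte // AES-128 key encrypted with RSA-OAEP
	Nonce      []byte
	Ciphertext []byte
}

// newOperatorKey stands in for the attacker's RSA key pair (2048 bits is an
// assumption). Only the public half would be embedded in a sample.
func newOperatorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// lockFile encrypts plaintext with a fresh AES-128 key (GCM mode is an
// assumption; the page names only the key size) and wraps that key with the
// operator's public key, so the key itself is never stored in the clear.
func lockFile(pub *rsa.PublicKey, name string, plaintext []byte) (*LockedFile, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &LockedFile{
		Name:       name + lockedExt,
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// unlockFile is the operator's side: only the holder of the matching private
// key can unwrap the AES key, and therefore only they can decrypt the body.
func unlockFile(priv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, lf.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap AES key without the operator's private key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	operator, _ := newOperatorKey()
	lf, _ := lockFile(&operator.PublicKey, "report.docx", []byte("quarterly figures"))
	fmt.Println("locked as", lf.Name)

	// A researcher holding the sample has the public key and the ciphertext;
	// any other private key (or none at all) cannot unwrap the AES key.
	other, _ := newOperatorKey()
	if _, err := unlockFile(other, lf); err != nil {
		fmt.Println("recovery without the operator's key fails:", err)
	}
	pt, _ := unlockFile(operator, lf)
	fmt.Println("operator recovers:", string(pt))
}
```

The point for responders is in unlockFile: brute-forcing or reverse-engineering the AES side gains nothing, because the 128-bit key is random per file and exists on the victim's disk only inside the RSA wrapping. Free decryptors for such families appear only when the operator's private key leaks or when the sample mishandles the key (for example, by generating it from a weak source or leaving it in memory), neither of which this example models.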

Other symptoms malware researchers closely link to the 'fantomd12@yandex.ru' Ransomware (and other EDA2-based malware) include:

  • The 'fantomd12@yandex.ru' Ransomware changes the extension of any file it locks by appending a new one (such as '.fantom') to the original name.
  • A desktop-hijacking feature may replace your desktop's background image with one that the 'fantomd12@yandex.ru' Ransomware deposits. Currently, it uses an encryption-warning image that provides e-mail addresses for negotiating the unspecified ransom.
  • The 'fantomd12@yandex.ru' Ransomware also drops additional, more elaborate instructions than its wallpaper, in both Notepad TXT and web HTML messages. These longer texts continue the tradition of threat actors claiming a higher grade of encryption than the Trojan's real payload uses, which may dissuade victims from trying other methods of recovering their files.
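The first symptom above, files renamed with an appended extension, is the one a detection engineer can act on from file-system telemetry. The following is an added example, not the page's or any vendor's detection rule: it scans rename events for names that gained the '.fantom' suffix and alerts on any process that performs a burst of them. The process names, paths, timestamps, window and threshold are constructed for the example and are not from the page.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// lockedExt is the extension the page reports the Trojan appending.
const lockedExt = ".fantom"

// Tuning values, assumed for the example: alert when one process performs at
// least burstThreshold lock-style renames inside any burstWindow span.
const (
	burstWindow    = 10 * time.Second
	burstThreshold = 4
)

// RenameEvent stands in for a file rename record from an EDR or Sysmon-style
// telemetry feed.
type RenameEvent struct {
	Time    time.Time
	Process string
	OldPath string
	NewPath string
}

// isLockRename reports whether the rename merely appended the extension to the
// original name, the pattern the page describes, rather than an ordinary rename.
func isLockRename(e RenameEvent) bool {
	return strings.HasSuffix(e.NewPath, lockedExt) &&
		strings.TrimSuffix(e.NewPath, lockedExt) == e.OldPath
}

// findMassLockers returns, sorted, every process that performed at least
// threshold lock-style renames within any window of the given length.
func findMassLockers(events []RenameEvent, window time.Duration, threshold int) []string {
	byProc := map[string][]time.Time{}
	for _, e := range events {
		if isLockRename(e) {
			byProc[e.Process] = append(byProc[e.Process], e.Time)
		}
	}
	var hits []string
	for proc, times := range byProc {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		// Sliding window: the i-th and (i+threshold-1)-th rename must fall
		// within the window for the burst to count.
		for i := 0; i+threshold-1 < len(times); i++ {
			if times[i+threshold-1].Sub(times[i]) <= window {
				hits = append(hits, proc)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

// sampleEvents is constructed telemetry: a rapid burst of appended-extension
// renames by one unknown process, one benign rename, and a single manual
// '.fantom' rename by the shell that should not trip the rule on its own.
func sampleEvents() []RenameEvent {
	t0 := time.Date(2016, 12, 28, 9, 0, 0, 0, time.UTC)
	ev := []RenameEvent{
		{t0, "explorer.exe", `C:\Users\a\Desktop\draft.docx`, `C:\Users\a\Desktop\draft_v2.docx`},
		{t0.Add(30 * time.Second), "explorer.exe", `C:\Users\a\Desktop\old.txt`, `C:\Users\a\Desktop\old.txt.fantom`},
	}
	for i, name := range []string{"budget.xlsx", "photo1.jpg", "thesis.pdf", "notes.txt", "cv.docx"} {
		old := `C:\Users\a\Documents\` + name
		ev = append(ev, RenameEvent{t0.Add(time.Duration(i) * 500 * time.Millisecond), "suspicious.exe", old, old + lockedExt})
	}
	return ev
}

// detectSample runs the rule over the constructed events.
func detectSample() []string {
	return findMassLockers(sampleEvents(), burstWindow, burstThreshold)
}

func main() {
	fmt.Println("processes mass-renaming to", lockedExt+":", detectSample())
}
```

The burst requirement is the important design choice: a single '.fantom' rename (as explorer.exe performs here) is not evidence of anything, while five in two seconds from one process is the signature of a file-walking encryptor. In production the same rule would key on rename or create events from the endpoint agent rather than on a constructed slice, and the extension would be one entry in a list covering the other families the team tracks.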

Responding to Trojans that may be Unresponsive to You

Initial queries into the decryption side of the 'fantomd12@yandex.ru' Ransomware campaign show limited or even absent multi-threading, which could cause the threat actors' decryption utility to crash when multiple victims use it at once. Since your files may not be decryptable by any other method, the 'fantomd12@yandex.ru' Ransomware's recent attacks make it important to have backups already in place. Locally-saved backups are equally at risk of being attacked by this Trojan, which is why malware analysts suggest, as a general rule, keeping backups on external storage (such as USB drives) that stays disconnected except while the backup is being made.

Fewer than ten brands of anti-malware products currently detect known samples of the 'fantomd12@yandex.ru' Ransomware. In addition to limiting your exposure to infection vectors like e-mail spam, you also should keep your anti-malware services updated, automatically or when prompted, so they can identify the new threat accurately. Since full or free decryption may be impossible, victims should rely on removing the 'fantomd12@yandex.ru' Ransomware with such software before its payload launches.

While the 'fantomd12@yandex.ru' Ransomware doesn't use some of the most-feared attacks of its kind, such as deleting files or blocking important programs automatically, it's a credible hazard to any information saved on a PC. Underestimating even a 'small-time' family of threatening software can come at an unhappily high cost.
