AVG malware researcher Jakub Kroustek has discovered a new ransomware called Fantom, which is based on the open-source EDA2 ransomware project. An interesting feature of Fantom is that it displays a fake Windows Update screen that pretends Windows is installing a new critical update. In the background, though, Fantom is secretly encrypting the victim's files without the victim noticing.
Fantom will encrypt files using AES-128 encryption and append the .fantom extension to encrypted files.
The ransomware will display a ransom note called DECRYPT_YOUR_FILES.HTML that includes the victim's ID key and provides instructions to email email@example.com or firstname.lastname@example.org in order to receive payment instructions.
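
The two on-disk indicators named above, the .fantom extension and the DECRYPT_YOUR_FILES.HTML note, are enough to scope how far the encryption reached on a host or file share. The following read-only triage script is an added example, not code from the article or from AVG's analysis; the function names and the case-insensitive matching are assumptions of this example.

```python
import os
from collections import defaultdict

ENCRYPTED_EXT = ".fantom"                # extension named in the article
RANSOM_NOTE = "DECRYPT_YOUR_FILES.HTML"  # ransom note name from the article


def triage(root):
    """Walk `root` (read-only) and return
    {directory: {"encrypted": [names], "note": bool}}
    for every directory that holds at least one Fantom indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    # onerror swallows unreadable directories so one ACL error
    # does not abort the sweep of a large share.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased
            # (assumption of this example; the article gives one spelling).
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)


def summarize(hits):
    """Collapse triage() output into the counts used to scope the incident."""
    return {
        "directories_affected": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "ransom_notes": sum(1 for h in hits.values() if h["note"]),
        # Directories holding the note but no .fantom files.
        "note_only_dirs": sorted(
            d for d, h in hits.items() if h["note"] and not h["encrypted"]
        ),
    }


if __name__ == "__main__":
    import json
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(summarize(triage(root)), indent=2))
```

Run it against a mounted copy or a share path rather than the live system disk where possible, so the sweep does not alter timestamps needed for later forensics.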