HotHardware: Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background. by Paul Lilly
'Fantom is based on the open-source EDA2 ransomware project, and unfortunately there's no way to decrypt the files without the culprit's help. Plain and simple, you're in a bad spot if you happen to fall for this one. While savvy computer users might spot the ransomware as a malicious attempt to wreak havoc, it's easy to see how a less experienced user could be tripped up by this one.
'The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe. From there it appears as though Windows is applying updates complete with a percentage counter and a warning not to turn off your computer. Once initiated, the user can close the screen by pressing Ctrl+F4, but that doesn't stop the ransomware from encrypting files in the background.'