UPDATED 21:45 EDT / MAY 07 2017

Fatboy ransomware adjusts demands based on where a victim lives

A new ransomware-as-a-service product called “Fatboy” discovered on Russian-language dark web forums is offering a new kind of demand that adjusts the ransom based on where a victim lives.

Fatboy automatically adjusts ransom demands based on the victim’s location by using the Big Mac Index, an index compiled by The Economist that measures the purchasing power parity between two currencies. By using the index, the ransomware can adjust the amount demanded from a victim based on local purchasing power and a presumed ability to pay.

Believed to be the first known ransomware product that is designed to automatically change ransom amounts based on the victim’s location, Fatboy’s RaaS model sees purchasers partner directly with the author of the ransomware, who handles payment processing for a slice of the action. “Since February 7, 2017, the author of the Fatboy RaaS has purportedly earned at least $5,321 from their own ransomware campaigns using this product,” Diana Granger, the researcher at security firm Recorded Future Inc. who discovered Fatboy, said in a blog post Thursday.

Advertising for Fatboy reads more like a corporate partnership. The seller, known by the handle of Polnowz, wrote, “We invite you to take part in a partnership for the monetization of downloads with help of the Fatboy encryption software.” Polnowz goes on to describe perks such as a “comfortable partner panel with full statistics by country and time” and “support for more than 5,000 file extensions.”

Putting aside the automatic price adjustments based on where a victim lives, Fatboy itself is fairly typical ransomware in that it is spread through phishing campaigns. Victims are presented with a ransom message to unlock hijacked files.

Ilia Kolochenko, chief executive officer of High-Tech Bridge SA, told SiliconANGLE that the RaaS model was the future of ransomware. “Many cybercriminals don’t want, or simply don’t have enough skills, to do all the administrative work involved in ransomware – billing, support, money laundering, etc.,” he said. “With the RaaS model, even a kid can successfully receive payments from the victims without bothering about anything but hacking user machines.”

He added that ransomware is about business, not technology. “All the components for ransomware (e.g. encryption mechanisms, exploit packs, etc) have existed for many years,” Kolochenko said. “However, with the ransomware approach, victims have no other simple way to get their data back other than to pay. Reliability and certainty of payment makes ransomware especially attractive for cybercriminals.”

Image: Recorded Future
