UPDATED 21:45 EDT / MAY 07 2017


Fatboy ransomware adjusts demands based on where a victim lives

A new ransomware-as-a-service product called “Fatboy” discovered on Russian-language dark web forums is offering a new kind of demand that adjusts the ransom based on where a victim lives.

Fatboy automatically adjusts ransom demands based on the victim’s location by using the Big Mac Index, an index compiled by The Economist that measures the purchasing power parity between two currencies. By using the index, the ransomware can adjust the amount demanded from a victim according to local purchasing power, as a proxy for the victim’s presumed ability to pay.

Believed to be the first known ransomware product that is designed to automatically change ransom amounts based on the victim’s location, Fatboy’s RaaS model sees purchasers partner directly with the author of the ransomware, who handles payment processing for a slice of the action. “Since February 7, 2017, the author of the Fatboy RaaS has purportedly earned at least $5,321 from their own ransomware campaigns using this product,” Diana Granger, the researcher at security firm Recorded Future Inc. who discovered Fatboy, said in a blog post Thursday.

Advertising for Fatboy reads more like a corporate partnership. The seller, known by the handle of Polnowz, wrote, “We invite you to take part in a partnership for the monetization of downloads with help of the Fatboy encryption software.” Polnowz goes on to describe perks such as a “comfortable partner panel with full statistics by country and time” and “support for more than 5,000 file extensions.”

Putting aside the automatic price adjustments based on where a victim lives, Fatboy itself is fairly typical ransomware in that it is spread through phishing campaigns. Victims are presented with a ransom message to unlock hijacked files.

Ilia Kolochenko, chief executive officer of High-Tech Bridge SA, told SiliconANGLE that the RaaS model was the future of ransomware. “Many cybercriminals don’t want, or simply don’t have enough skills, to do all the administrative work involved in ransomware – billing, support, money laundering, etc.,” he said. “With the RaaS model, even a kid can successfully receive payments from the victims without bothering about anything but hacking user machines.”

He added that ransomware is about business, not technology. “All the components for ransomware (e.g. encryption mechanisms, exploit packs, etc) have existed for many years,” Kolochenko added. “However, with the ransomware approach, victims have no other simple way to get their data back other than to pay. Reliability and certainty of payment makes ransomware especially attractive for cybercriminals.”

Image: Recorded Future
