A ransomware-as-a-service (RaaS) offering called Fatboy may be the first financial malware that adjusts its demands on a sliding scale.
Recorded Future analysts have discovered that Fatboy automatically adjusts ransom demands based on the victim’s location by using the Economist’s Big Mac Index, meaning victims from wealthier countries will have to pay more than others. The Economist invented the Big Mac Index in 1986 as a tool for explaining exchange-rate theory.
The automatic price adjustment feature shows an interest in customizing malware based on the targeted victim, but from there the proceedings are fairly commonplace: A computer infected with the Fatboy malware will display a message explaining that the user’s files have been encrypted, stating the ransom amount, and warning the user against interfering with the ransomware.
The firm discovered Fatboy in a Dark Web advertisement in late March, though it was first conceived in early February. Its author has so far earned at least $5,321 from campaigns on his or her own, and has gone on to make it available to others.
“The advertiser, operating under the username ‘polnowz,’ describes Fatboy as a partnership, offering support and guidance through Jabber,” explained researcher Diana Granger, in a blog. “Purchasers of the Fatboy RaaS partner directly with the author of the malware and not through a third party like many other cyber-criminals prefer. These partners also receive payment instantly when a victim pays their ransom, adding another level of transparency to this partnership.”
As described by polnowz: “We invite you to take part in a partnership for the monetization of downloads with help of the Fatboy encryption software. Limited partnership.” The author goes on to describe perks like a “comfortable partner panel with full statistics by country and time,” and “support for more than 5,000 file extensions.”
The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers, Granger noted. She added that organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber-security strategies as these threats evolve.