May 5, 2017 by

‘Fatboy’ Ransomware Extorts Money Based on Victims’ Countries

Cybersecurity researchers have discovered a new variant of ransomware that automatically adjusts its ransom demand from victims based on their location. Targets in wealthier countries will be forced to pay higher rates.

The ransomware malware, dubbed ‘Fatboy’, was discovered by security researchers at Recorded Future. Fatboy first emerged in March on a Russian cybercriminal forum. The malware is also being advertised on an underground hacking forum frequented by Russian-speaking cybercriminals.

Promoted as a Ransomware-as-a-Service (RaaS) by a cybercriminal called ‘polnowz’, the ransomware was made available on March 24. The offering was a comprehensive product that offered support and guidance with a dashboard that allowed buyers to track its infection statistics.

A day later, the first samples of the malware were discovered by researchers.

What sets Fatboy apart from other ransomware strains is its extortion grab. The developers behind the malware devised it in such a way that the ransom demands toward victims are based on their location and the ransom payments are adjusted accordingly.

According to ZDNet, the developer has seemingly taken the idea from the Economist’s unique Big Mac Index, an irreverent currency valuation comparison index that pits the prices of a McDonald’s ‘Big Mac’ burger from around the world. Fatboy’s author cites it as ‘The McDonald’s Index’, which means victims in the United States would be forced to pay more than victims in Egypt.

“It’s important for malware to be effective; it’s helpful for threat actors to know more about their victim and this is a quick way to tailor the malware to the victim,” said Recorded Future’s Diana Granger.

Although Fatboy ended up making a little over $5,000 for its author, a relatively small amount, the new extortion price adjustment technique employed shows the continuing evolution of ransomware, one of the most menacing, disruptive forms of cyberattacks that affects everyday consumers and enterprises alike.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

47 Million Emails/Day: Necurs Botnet Launches Massive Ransomware Campaign

A cybersecurity firm has revealed it has blocked as many as 47 million emails per day spewed by the...

Read more arrow_forward

Ransomware Continues to Dominate as 2017’s Main Attack Vector

Cyber attacks are on the rise in 2017, clocking a staggering 238% jump in attacks against endpoints....

Read more arrow_forward

26% of Ransomware Attacks Target Corporate Businesses

New research from Kaspersky Lab has revealed that the number of ransomware attacks targeting...

Read more arrow_forward