Hungry ‘Fatboy’ ransomware uses Big Mac Index to geotarget ransom demands

09 May 17

Reports of a ransomware making its way through a Russian cybercrime forum have surfaced this week - but while it is not unusual to see ransomware being sold as a service, this particular version boasts one key capability: it can target and change the ransom demands based on victims’ locations.

A Recorded Future blog exposed the ransomware, dubbed ‘Fatboy’. It is able to use The Economist’s Big Mac Index, created in 1986, to determine the cost of living for a particular geographic location. 

It then alters the ransom demand based on those statistics, so victims in locations with a higher ranking face higher demands than those in locations with a lower ranking.

This highlights the ransomware’s ability to customise its demands based on user location - a point that the creator will be hoping to capitalise on.

According to translations of the forum post, Fatboy was written entirely in C++ and targets Windows computers. It encrypts every file using AES encryption, then those files are bulk encrypted using RSA encryption.

It asks for payment in Bitcoins and claims that files will automatically be decrypted after payment.

According to the forum post, the Fatboy ransomware has been on the scene since February this year and has earned the creator more than $5300.

The creator is looking for buyers to help monetise the malware in a ‘limited partnership’, which Recorded Future thinks is a way for the creator to gain buyers’ trust.

Ransomware as a service (RaaS) has been gaining popularity across the dark web, allowing both experienced and fledgling cyber criminals to create malware or to capitalise on its success.

According to the 2016 Ransomware and Businesses special report by Symantec, RaaS allows cybercriminals to “acquire their own ransomware, including those with relatively low levels of expertise”.

“The RaaS creators then sit back and wait for their customers to distribute the malware, earning a percentage of the profits,” the report says.
