Reports of a ransomware making its way through a Russian cybercrime forum have surfaced this week - but while it is not unusual to see ransomware being sold as a service, this particular version boasts one key capability: it can target and change the ransom demands based on victims’ locations.
A Recorded Future blog exposed the ransomware, dubbed ‘Fatboy’. It is able to use The Economist’s Big Mac Index, created in 1986, to determine the cost of living for a particular geographic location.
It then alters the ransom demand based on those statistics, so those with a higher ranking face higher demands than those with a lower ranking.
This highlights the ransomware’s ability to customise its demands based on user location - a point that the creator will be hoping to capitalise on.
According to translations of the post in the forums, Fatboy was written entirely through C++ and targets Windows computers. It is able to encrypt every file using AES encryption, then those files are bulk encrypted using RSA encryption.
It asks for payment in Bitcoins and claims that files will automatically be decrypted after payment.
According to the forum post, the Fatboy ransomware has been on the scene since February this year and has earned the creator more than $5300.
The creator is looking for buyers to help monetise the malware in a ‘limited partnership’, which Recorded Future thinks is a way for the creator to gain buyers’ trust.
Ransomware as a service (RaaS) has been gaining popularity across the dark web, allowing both experienced and fledgling cyber criminals to create malware or to capitalise on its success.
According to the 2016 Ransomware and Businesses special report by Symantec, RaaS allows cybercriminals to “Acquire their own ransomware, including those with relatively low levels of expertise”.
“The RaaS creators then sit back and wait for their customers to distribute the malware, earning a percentage of the profits,” the report says.