“Fatboy” Ransomware-as-a-Service Sets Ransom Based on Victim Location

A newly discovered ransomware-as-a-service (RaaS) has a dynamic method of setting the ransom amount based on the victim’s location, Recorded Future reports.

Dubbed Fatboy, the malware was first spotted on March 24 on a top-tier Russian cyber-criminal forum, where a member started advertising it as a partnership, while also promising support and guidance through Jabber. Two days later, a reputable member of the forum offered to assist the malware author with translation of the product.

The ransomware’s author claims that a payment scheme based on The Economist’s Big Mac Index is used, “meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted,” Recorded Future’s Diana Granger explains.

Wannabe criminals interested in the Fatboy RaaS would partner directly with the author, without going through a third-party vendor. They are also promised instant payments when the victim pays the ransom, which would supposedly add an extra level of transparency to the partnership.

The Fatboy author has supposedly earned more than $5,000 using this malware since February 7, 2017, which is not a large sum.

On infected computers, the ransomware displays a message explaining to the user that their files have been encrypted. The message also informs the victim what ransom amount has been set and warns them not to interfere with the malware’s activities. It further claims that the user’s files will be completely lost if the ransom isn’t paid within a specific period of time.

In their description of the Fatboy RaaS, the author claims the malware was written in C++ and works on all Windows versions (x86/x64). Additionally, cryptolocker development and support are included in the partnership, and a multi-language user interface with support for 12 languages is available. The author also says that the threat can scan all disks and network folders, that it encrypts every file with AES-256 using an individual key, and that all keys are encrypted with RSA-2048.

The author claims they use a new Bitcoin wallet number for each client, that the malware automatically decrypts files and deletes itself after payment, and that it can target more than 5000 file extensions. The partner panel, they say, offers full statistics by country and time, along with detailed information on each individual client.

“The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim. Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve,” Granger notes.

Related: New Cerber Ransomware Variant Emerges

Related: New Unlock26 Ransomware and RaaS Portal Discovered

Related: Sage 2.0 Ransomware Demands $2,000 Ransom

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
