A LARGE-SOUNDING RANSOMWARE SERVICE has popped up on Russian malware forums and earned the concern of a security company. The malware is called Fatboy; it is not slim, but it is a bastard.
Threat finding company Recorded Future says that an advertisement for Fatboy was posted on a significant Russian forum by a member called polnowz. The advertisement is for a ransomware service that can change charges depending on where a victim lives. For example, a mug punter in a fancy area would get a larger fee than someone in a less glamorous location.
It does this in rather a fancy way. "The Fatboy ransomware is dynamic in the way it targets its victims; the amount of ransom demanded is determined by the victim's location," says Recorded Future's Diana Granger.
"According to polnowz, Fatboy uses a payment scheme based on The Economist's Big Mac Index (cited as the 'McDonald's Index' in the product description), meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted."
The McDonald's Index, in case you've missed it, is a very informal currency converter-like tool based on the market price of a large burger in different countries. The Fatboy malware is working out OK for its author, according to Granger, who said that they had earned a purported $5,321 from their efforts.
Fatboy is apparently something of a partnership effort, and is very transparent. A full list of its capabilities is provided, including its encryption details and payment options.
"The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim," adds Granger.
"Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve."
Microsoft has Fatboy down as Trojan:Win32/Fatboy and lists it as a severe threat. However, it adds that Windows Defender Antivirus detects and removes it. µ