The newly discovered Fatboy ransomware uses a dynamic targeting strategy that changes the cost of the ransom depending on the victim’s location, using The Economist’s Big Mac Index as a reference, research from Recorded Future suggests.
Fatboy is also offered with a ransomware-as-a-service (RaaS) model, with customer support over Jabber, and even a “partner” panel for users to track statistics by country and time.
It is the latest RaaS model – posted on March 24 2017 – in an increasingly creative line of malware, aimed at individuals and businesses.
Ilia Kolochenko, CEO of High-Tech Bridge, said: “We will see an important growth in the RaaS model in the near future. Many cybercriminals don’t want, or simply don’t have enough skills, to do all the administrative work involved in ransomware – billing, support, money laundering, etc. With the RaaS model, even a kid can successfully receive payments from the victims without bothering about anything but hacking user machines.”
“There is nothing sophisticated in the RaaS model, it’s just about making this type of cybercrime more accessible and affordable. This is a sign that the cybercrime industry is maturing, like a legitimate business. The changes in targeting mean that victims from developed countries will probably pay more to get their data back.”
According to Recorded Future, the ‘advertiser’, operating under the username “polnowz”, described Fatboy as a partnership, offering support and guidance through Jabber. However, this RaaS has not yet received any feedback from the hacking community.
The Fatboy ransomware, uniquely, demands higher ransoms from people living in more affluent areas.
In the face of these evolving threats, Recorded Future recommends organisations update existing cyber security protocols to mitigate the risk.
Kolochenko suggested that, in order to combat this threat, “we need to only keep the necessary software on user machines and make sure that all software, not only the OS, is up to date. Client-side security software and various security hardening mechanisms are also very important. Last but not least, continuous security monitoring and anomaly detection systems should be implemented.”
“Ransomware is about business, not about technology. All the components for ransomware (e.g. encryption mechanisms, exploit packs, etc.) have existed for many years. However, with the ransomware approach, victims have no other simple way to get their data back other than to pay. Reliability and certainty of payment make ransomware especially attractive for cybercriminals.”