Anonymous cybercriminals started to promote a new Ransomware-as-a-Service (RaaS) called Fatboy on a local underground Russian-language online forum. The promotion of the RaaS service is handled by a hacker hidden under “polnowz” nickname, who began to offer the access to Fatboy on March 24.
This new strain of ransomware uses The Economist’s Big Mac Index to change the cost of the ransomware demands depending on the victim’s geo-location. Victims from countries with a higher cost of living will have to pay more Bitcoins than those from emerging countries.
The Big Mac Index is invented by The Economist as an informal way of measuring the purchasing power parity (PPP) between two currencies and provides a test of the extent to which market exchange rates result in goods costing the same in different countries.
Fatboy ransomware does not provide any innovative functionality or tactics, and stands out mainly through the use of similar design with Critroni and CTB-Locker ransom demand notifications.
Fatboy ransomware works on all versions of Windows operating system, offers a control panel with support for 12 languages, encrypts all files using the AES-256 algorithm with a private key (all keys are encrypted using RSA-2048), scans all disks and network folders, creates a new Bitcoin-A wallet for each victim, etc.
The author of the Fatboy ransomware has posted a screenshot showing that he managed to earn at least $5,321 from his own ransomware campaigns using his new product. Five U.S. victims who agreed to pay the ransom resulted in these huge earnings.