"Fatboy" Ransomware-as-a-Service Sets Ransom Based on Victim Location

A newly discovered ransomware-as-a-service (RaaS) has a dynamic method of setting the ransom amount based on the victim’s location, Recorded Future reports.
Dubbed Fatboy, the malware was first spotted on March 24 on a top-tier Russian cyber-criminal forum, where a member started advertising it as a partnership, while also promising support and guidance through Jabber. Two days later, a reputable member of the forum offered to assist the malware author with translating the product.

The ransomware’s author claims that a payment scheme based on The Economist’s Big Mac Index is used, “meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted,” Recorded Future’s Diana Granger explains.
Wannabe criminals interested in the Fatboy RaaS would partner directly with the author, without going through a third-party vendor. They are also promised instant payments when the victim pays the ransom, which would supposedly add an extra level of transparency to the partnership.
Although it is not a large sum, the Fatboy author has supposedly earned more than $5,000 using this malware since February 7, 2017.
On infected computers, the ransomware displays a message explaining to the user that their files have been encrypted. The message also informs the victim what ransom amount has been set and warns them not to interfere with the malware’s activities. It further claims that the user’s files will be completely lost if the ransom isn’t paid within a specific period of time.
In their description of the Fatboy RaaS, the author claims the malware was written in C++ and works on all Windows versions (x86/x64). Additionally, cryptolocker development and support are included in the partnership, and a multi-language user interface with support for 12 languages is available. The author also says that the threat can scan all disks and network folders, that it can encrypt every file with AES-256 with an individual key, and that all keys are encrypted with RSA-2048.
The author claims they use a new Bitcoin wallet number for each client, that the malware automatically decrypts files and deletes itself after payment, and that it can target more than 5000 file extensions. The partner panel, they say, offers full statistics by country and time, along with detailed information on each individual client.
“The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim. Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve,” Granger notes.