How do ransomware scum decide what to charge you? The Big Mac index (The Register)

Cybercriminals have put together a strain of ransomware that changes the cost of the extortionate demands depending on the victim’s location, threat intelligence firm Recorded Future reports.

Fatboy, which is being advertised on a Russian-language cybercrime forum, uses The Economist’s Big Mac Index to decide how much to squeeze a victim for, based on the wealth of the country in which they reside. Victims from countries with a higher cost of living will have to pay more than those from poorer nations.

The file-encrypting nasty is being offered through a ransomware-as-a-service model, offering customer support over Jabber, and even a “partner” panel for users to track infection statistics by country and time.

The hacker, using the nickname “polnowz,” described Fatboy as a partnership in ads punting the software on the Russian-language Exploit forum.

Fatboy dashboard [source: Recorded Future blog post]

The author of the Fatboy RaaS has posted screenshots purporting to show he earned at least $5,321 from his own ransomware campaigns using this product. Five particular US infections resulted in these illicit returns.

“The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers,” according to Recorded Futures. “Additionally, the automatic price adjustment feature shows an interest in customising malware based on the targeted victim.”

More details on the file-encrypting nasty can be found in a blog post by threat intelligence specialist Recorded Future here. ®

Source: SANS ISC SecNewsFeed @ May 5, 2017 at 06:30AM

0
Share