May 10, 2017 By Larry Loeb 2 min read

A new ransomware-as-a-service (RaaS) product named Fatboy has shown up on Russian cybercriminal boards. According to Recorded Future, the Fatboy ransomware was first advertised on cybercrime boards at the end of March.

The source stated the code’s author claimed to be seeking “limited partnerships.” Partners will deal with each other directly, cutting out the third-party vendor that has historically been present in RaaS schemes.

Attacking With Location-Specific Pricing

The malware has a novel way of pricing its bitcoin ransom: It is determined by the victim’s location. Using this strategy, the author has earned more than $5,000 through the use of this malware since Feb. 7, 2017, SecurityWeek said.

Fatboy varies the payment, but it is based on The Economist’s Big Mac Index. Using this index assures that victims in areas associated with a higher cost of living will end up being charged more to have their data decrypted.

Recorded Future added that the author described the malware in some detail on a cybercriminal forum. He stated the base load of the malware is 15.6 KB and was written in C++. He also claimed that it will work on all Windows versions, and scans all disks and network folders.

There is also a user interface (UI) that has been implemented in 12 languages. This variety means Fatboy ransomware is not geographically limited in its operations, which would enhance the utility of the location-based rates.

Upping the Game With Customizeable Encryption

Other characteristics of the malware include a custom encryption routine: It encrypts the victim’s file using AES-256, generating an individual key for each of the files at the same time. The malware then takes all of the individual keys and encrypts them through RSA-2048.

The author addressed certain concerns of potential partners. For example, the money flow uses a new bitcoin wallet number for each client, as well as offering the instant transfer of funds once the victim has paid up. Fatboy also covers its tracks by deleting itself from the victim’s system once the ransom is paid.

Adding in Direct Service With Fatboy Ransomware

RaaS products always mutate and innovate during their lifetime, but Fatboy shows how a concierge-level service could be added to a criminal enterprise not traditionally known for its service capabilities. The author may also be trying to widen the malware’s audience by appealing to less sophisticated criminals.

These potential partners might be influenced by how Fatboy can be used in a highly customizable and low maintenance manner. While these users require extra help to become profitable, the author has demonstrated a commitment to meeting those needs. Fatboy is just one example of how ransomware is not only becoming smarter, but also targeting users on a global scale.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today