Fatboy Ransomware-as-a-Service Emerges on Russian-Language Forum

The post Fatboy Ransomware-as-a-Service Emerges on Russian-Language Forum appeared first on Recorded Future.

     

On March 24, 2017, a member of a top-tier Russian cyber criminal forum posted an advertisement for “Fatboy,” a new ransomware-as-a-service (RaaS) product.
The advertiser, operating under the username “polnowz,” describes Fatboy as a partnership, offering support and guidance through Jabber. While the RaaS has not yet received any endorsements or feedback from the hacking community, on March 26, “ilcn,” a reputable member of the forum, offered to assist polnowz with translating the product.

Query results for “Fatboy Ransomware” in Recorded Future show posts by polnowz and ilcn about Karmen.
Background
The Fatboy ransomware is dynamic in the way it targets its victims; the amount of ransom demanded is determined by the victim’s location.
According to polnowz, Fatboy uses a payment scheme based on The Economist’s Big Mac Index (cited as the “McDonald’s Index” in the product description), meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted.

The Economist invented the Big Mac Index in 1986 as a tool for explaining exchange-rate theory.
Purchasers of the Fatboy RaaS partner directly with the author of the malware and not through a third-party vendor. Potential partners also receive payment instantly when a victim pays their ransom, adding another level of transparency to this partnership.

Since February 7, 2017, the author of the Fatboy RaaS has purportedly earned at least $5,321 USD from their own ransomware campaigns using this product.

A computer infected with the Fatboy malware displays a message explaining that the user’s files have been encrypted, stating the ransom amount, and warning the user against interfering with the ransomware.
The following is the description of Fatboy RaaS by polnowz:
We invite you to take part in a partnership for the monetization of downloads with the help of the Fatboy encryption software. Limited partnership.
Product Description
Base load 15.6 kB, written in C++
Active cryptolocker development and support
Works on all Windows OS x86/x64
Multi-language user interface (12 languages)
Encrypts every file with AES-256 with individual keys, then all keys are encrypted with RSA-2048
Comfortable partner panel with full statistics by country and time
Detailed information on each individual client is in the partner panel
Scans all disks and network folders
New Bitcoin wallet number for each client
Software deletes after payment
Instant transfer of funds to the partner after the victim pays for decryption
Automatic file decryption after payment
Support for more than 5000 file extensions
Automatic price adjustment depending on the country’s living standards (McDonald’s Index)
Extended help with step-by-step instructions for payment
Partner Details
Support and guidance for partners through Jabber (OTR)
Conversion level of partner traffic makes up 3-15% of overall downloads
Partner program requires access to the admin panel
Requirements
Reasonable quality installs in reliable volumes
Doesn’t work in the Commonwealth of Independent States
There are no other bundles or ways to download

Conclusion
The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim.
Organizations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve.
Author: Diana Granger
