Fatboy ransomware-as-a-service changes extortion level based on The Economist's McDonald's Index

Londoners will be charged more than residents of Caracas to get their ransomed files back

A new ransomware 'service' has emerged in Russian malware forums that claims that users can adjust the level of extortion demanded from victims according to their location.

The malware, called Fatboy, was uncovered by a threat-finding company called Recorded Future, which claims to have uncovered an advertisement for Fatboy, placed on a Russian malware forum by a member called 'Polnowz'.

The advertisement is for a ransomware service that can change charges depending on where a victim lives.

For example, a victim living somewhere with a relatively high standard of living would be charged a higher fee for the return of their encrypted and ransomed files than someone living somewhere relatively poor.

"The Fatboy ransomware is dynamic in the way it targets its victims: the amount of ransom demanded is determined by the victim's location," says Diana Granger, a junior technical threat analyst at Recorded Future.

She continued: "According to polnowz, Fatboy uses a payment scheme based on The Economist's Big Mac Index... meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted."

The McDonald's Index is an informal tool devised by The Economist to compare inflation and the relatively prosperity of different countries by using the price of Big Macs as a point of comparison.

The Fatboy malware is so far working out OK for its author, according to Granger, who claimed that they had earned a purported $5,321 from their efforts.

Fatboy is apparently something of a partnership effort, and is very transparent, A full list of its capabilities are provided, included its encryption details and payment options.

"The level of transparency in the Fatboy RaaS [ransomware-as-a-service] partnership may be a strategy to quickly gain the trust of potential buyers. Additionally, the automatic price adjustment feature shows an interest in customising malware based on the targeted victim," adds Granger.

"Organisations should be aware of the adaptability of Fatboy, as well as other ransomware products, and continuously update their cyber security strategies as these threats evolve."

Microsoft has Fatboy down as Trojan: Win32/Fatboy and lists it as a severe threat. However it adds that Windows Defender Anti-virus can already detect and remove it.

Computing's Big Data and IoT Summit 2017 and the Big Data and IoT Summit Awards are coming on 17 May 2017.

Find out what construction giant Amey, Lloyds Banking Group, Financial Times and other big names are doing in big data and the Internet of Things.

Attendance to the Summit is free to qualifying senior IT professionals and IT leaders, but places are strictly limited, so apply now.

AND on the same day, Computing is also proud to present the Big Data and IoT Summit Awards, too. See the finalists - and secure a table for your team at the Awards - now: