
Article · May 12, 2017

Fatboy ransomware uses ‘Burgernomics’ to determine ransom demands


The recently discovered Fatboy ransomware is designed to customize ransom demands based on a victim's location and likely income range—and it depends on a popular McDonald's hamburger to get the job done right.

Fatboy ransomware dynamically selects its ransom demands based on The Big Mac index, an annual survey report from The Economist magazine that is used to measure the purchasing power parity between nations. Often referred to as "Burgernomics," the report uses the price of a Big Mac as its benchmark.

Fatboy ransomware is being distributed "as a service." That means pretty much anyone—even wannabe cybercriminals with poor technical skills—can pay a fee, download the platform and launch a ransomware attack.

Fatboy gives victims four days to pay the individualized ransom amount. If they fail to pay in time, Fatboy deletes the decryption key in an attempt to ensure that the files will never be recovered, according to security researchers. However, victims who take the initiative and regularly back up their files can still recover data following an attack.

How Fatboy works
Security researchers first noticed Fatboy in late March when an advertisement for the ransomware-as-a-service (RaaS) platform appeared in an underground digital marketplace created by Russian-speaking cybercriminals.

The creator of the advertisement, who goes by the name "Polnowz," claims that the platform uses the Jabber instant messaging service to provide buyers with guidance on how to create a ransomware campaign. Buyers can expect to keep 3%-15% of the profits generated from successful attacks. The rest of the money goes to Polnowz.

Fatboy is written in C++ and is supported by an active development team, according to Polnowz's initial blog post. It works on all Windows operating systems and can scan network folders for 5,000 different file extensions. It encrypts the targeted files using AES-256 encryption.

After it runs its encryption routine, Fatboy uses the Big Mac index to automatically adjust the ransom price based on the victim's location and presumed income status. The victim is then presented with the customized ransom demand.

Threat intelligence firm Recorded Future posted a theory that explains why Polnowz is so open about Fatboy's technical details.

"The level of transparency in the Fatboy RaaS partnership may be a strategy to quickly gain the trust of potential buyers," the post reads. "Additionally, the automatic price adjustment feature shows an interest in customizing malware based on the targeted victim."

Protect yourself and your business
To protect against a ransomware infection, businesses and individuals should regularly back up data and apply the latest security patches to any applications being used. It's also important to educate yourself and employees about how to spot email phishing scams, one of the most common delivery vectors for ransomware.


Author

David Bisson

David Bisson is an infosec news junkie and security journalist. He currently works as Contributing Editor for Graham Cluley Security News, Associate Editor for Tripwire's "The State of Security" blog, and Contributing Author to Metacompliance Ltd. and OASIS Open. David hopes his writing will help protect users against online threats, especially ransomware.
