A new email-borne threat has recently been identified. Known as Fatboy ransomware , this new ransomware-as-a-service (RaaS) being sold on darknet forums in Russia. The RaaS provided would-be cybercriminals the chance to conduct ransomware campaigns without having to formulate their own malicious code.

RaaS has proven hugely popular. By providing RaaS, malicious code authors can inpact more end users by increasing the number of people sharing the ransomware.  In the instance of Fatboy ransomware, the code author is offering restricted partnerships and is dealing with affiliates directly via the instant messaging platform Jabber.

Fatboy ransomware encrypts files via AES-256, generating an individual key for the files and then encrypting those keys  via RSA-2048. A different bitcoin wallet is used for each client and a guarantee is made to transfer funds to the affiliates as soon as the money is transferred. By offering to deal directly with the affiliates, being transparent about the RaaS and offering support, it is envisaged that the code author is trying to earn trust.

Additionally, the ransomware interface has been translated into 12 different languages, allowing campaigns to be carried in many countries globally. Many RaaS offerings are restricted geographically by language.

Fatboy ransomware also has a new feature that aims to maximize the chance of the victim paying the ransom demand. This RaaS permit attackers to set the ransom payment automatically based on the victim’s location. In places with a high standard of living, the ransom payment will be higher.

To calculate the cost of living, Fatboy ransomware implements the Big Mac Index. The Big Mac Index was  devised by The Economist as a method of determining whether currencies were at their correct values. If all currencies are at their correct value, the price of a product in each country should be identical. The product picked was a Big Mac. So the higher the cost of a Big Mac in the victim’s country, the higher the ransom demand that is sent out.

New ransomware variants are always being developed and RaaS permits many more individuals to conduct ransomware campaigns. It is no surprise that the number of ransomware attacks has increased.

The price of resolving a ransomware infection can be significant. Businesses must see to it that they have defenses in place to block attacks and ensure they can recover quickly.

Backup must  be made regularly to ensure files can be easily rescued. Employees should be trained on security best practices to prevent them inadvertently downloading ransomware. Anti-spam solutions should also be put in place to stop malicious emails from reaching end users’ inboxes. Luckily, even with a predicted rise in ransomware attacks, companies can effectively mitigate risk if appropriate defenses are put in place.