Following the new research from Recorded Future, a new ransomware Fatboy is being advertised on a Russian-language forum. The ransomware uses a dynamic new targeting strategy that changes the cost of the ransom depending on the victim’s location, using The Economist’s Big Mac Index as a reference.
Fatboy is also offered with a ransomware-as-a-service model, with customer support over Jabber, and even a “partner” panel for users to track statistics by country and time. Ilia Kolochenko, CEO at High-Tech Bridge commented below.
Ilia Kolochenko, CEO at High-Tech Bridge:
“We will see an important growth in the RaaS model in the near future. Many cybercriminals don’t want, or simply don’t have enough skills, to do all the administrative work involved in ransomware – billing, support, money laundering, etc. With the RaaS model, even a kid can successfully receive payments from the victims without bothering about anything but hacking user machines.
There is nothing sophisticated in the RaaS model, it’s just about making this type of cybercrime more accessible and affordable. This is a sign that the cybercrime industry is maturing, like a legitimate business.
The changes in targeting mean that victims from developed countries will probably pay more to get their data back.
In terms of combatting the threat better, first of all, we need to only keep the necessary software on user machines and make sure that all software, not only the OS, is up2date. Client-side security software and various security hardening mechanisms are also very important. Last but not least, continuous security monitoring and anomalies detection systems should be implemented.
Ransomware is about business, not about technology. All the components for ransomware (e.g. encryption mechanisms, exploit packs, etc) have existed for many years. However, with the ransomware approach, victims have no other simple way to get their data back other than to pay. Reliability and certainty of payment makes ransomware especially attractive for cybercriminals.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.