Russian organized cybercrime now has a surprising method of determining how much to ask for – the Big Mac index from The Economist.
Security firm Recorded Future blogged that in March, a user of a Russian cybercrime forum promoted a new RaaS (ransomware-as-a-service product) called “Fatboy.” Both parties receive instant transfer of funds once the ransom is paid, so far everthing is fairly normal.
Now, here is the twist. The ransom is determined by the Big Mac Index created by The Economist. The Big Mac Index is a guide as to whether or not currencies are correctly valued according to purchasing power of specific goods – in this case, a McDonald’s hamburger. The index reflects those areas globally that have a higher cost of living.
The tool, which The Economist states was originally designed as a lighthearted attempt to gauge currency misalignment, has become a global standard for measuring international purchasing power parity.
This is done by determining the victim's IP, detecting the country to which that IP is assigned, and then using the Big Mac Index to show the final ransom sum. The victims of Fatboy RaaS who live in higher cost of living areas are extorted a higher amount of ransom to unlock their files. So, infection victims in Switzerland or Norway receive a higher ransom demand compared to targets in Ukraine or Egypt.
Tech Support Through Jabber
The Fatboy ransomware partnership links an interested party directly with the author of the malware, without third-party interference. As part of the partnership, users can receive assistance and support from the malware author directly through Jabber.
Fatboy is promoted as a C++ cryptolocker with multi-language user interface, and encrypts every file on a workstation plus any available network folders. A new Bitcoin wallet is generated for each infected device, and the code removes itself once payment is received.
Diana Granger, junior technical threat analyst at Recorded Future says Recorded Future has no data on usage of Fatboy, nor how much exactly its ransom amounts vary by country. From the standpoint of its core functionality, Fatboy is similar to the many other data encryption ransomware tools in the wild. "The automatic rate adjustment and direct partnership is what differentiate it," she says.
Ransomware Threat Confirmed By NTT Security
The growing threat was confirmed by recent research from NTTSecurity: 2017 Global Threat Intelligence Report, (PDF) which found that 22 percent of all global incident engagements were related to ransomware, more than any other category of attack.
Of the ransomware attacks observed via NTTSecurity's intelligence network, 77 percent were concentrated among four industries – business and professional services (28 percent), government (19 percent), health care (15 percent), and retail (15 percent).
Half of all incidents affecting health care organizations involved ransomware. “This may indicate that attackers have identified health care institutions as a vulnerable target more willing to pay ransom than other sectors,” their report noted.
We strongly recommend to phish your own users to prevent these types of very expensive snafus. If you're wondering how many people in your organization are susceptible to phishing, here is a free phishing security test (PST):
