Ransom demands by hackers determined by The Economist
Fri 5 May 2017
Hackers installing ransomware and demanding payment in order to unlock a device have a surprising method of determining how much to ask for – the Big Mac index from The Economist.
Security firm Recorded Future noted that in March, a user of a Russian cybercrime forum posted an advertisement for a new ransomware-as-a-service product called “Fatboy.” Interested parties would partner with the advertiser “polnowz”, with each partner receiving a portion of the funds paid by victims of the scheme.
The ransom itself, however, is determined by the Big Mac Index created by The Economist. The Big Mac Index is a guide as to whether or not currencies are correctly valued according to purchasing power of specific goods – in this case, a McDonald’s hamburger. The index reflects those areas globally that have a higher cost of living.
The unfortunate victims of Fatboy ransomware who reside in higher cost of living areas will be charged a higher amount of ransom to unlock their device. Targets in Sweden, or Canada would receive a higher ransom demand compared to targets in Malaysia, or Ukraine.
The Fatboy ransomware partnership links an interested party directly with the author of the malware, without third-party interference. As part of the partnership, users can receive assistance and support from the malware author directly through Jabber.
The Fatboy malware is described as a C++ cryptolocker with multi-language user interface, that encrypts every file on a device including disks and network folders. A new Bitcoin wallet is generated for each infected device, and the software deletes automatically once payment is received. Both parties receive instant transfer of funds once the ransom is paid.
The author of the Fatboy ransomware claims to have earned over $5,000 in the last three months through their own campaigns.
Ransomware attacks are on the rise globally. One study showed that more than 4,000 attacks per day were reported in 2016, up 300% over 2015. Kaspersky Lab noted that ransomware attacks had increased in frequency from one every two minutes to one every 40 seconds for businesses and one every 10 seconds for consumers by September 2016.