Fatboy Ransomware
Threat Scorecard
Ranking: 14,646
Threat Level: 80% (High)
Infected Computers: 6,449
First Seen: May 8, 2017
Last Seen: August 7, 2023
OS(es) Affected: Windows
The Fatboy Ransomware has received substantial attention from the press because of a curious aspect of its attack. The Fatboy Ransomware first appeared as a RaaS (Ransomware as a Service) portal offered on the Dark Web to Russian-speaking hackers. It seems to be the work of a hacker who goes by the name 'polnowz' and who first started promoting the Fatboy Ransomware on March 24, 2017. The Fatboy Ransomware carries out a typical ransomware attack but uses a wallpaper ransom note that includes a long and unusual set of instructions.
The Fatboy Ransomware stands out because of how it determines the victim's ransom amount. It detects the victim's location through the IP address and then uses the local price of the McDonald's menu item, the Big Mac, to set the amount the victim must pay. This measure, known as the Big Mac Index, orders countries according to the purchasing power of the local currency, based on the price of the Big Mac from one place to the other. An English version of the Fatboy Ransomware is currently being spread to more people, as the Fatboy Ransomware's marketing material has come to light.
General Information about the Fatboy Ransomware Trojan
According to the advertisement for the Fatboy Ransomware RaaS, the following is the information being released by its creators to the public:
'We invite you to take part in a partnership for the monetization of downloads with help of the Fatboy encryption software. Limited partnership.
Product Description
Base load 15.6 kB, written in C++
Active cryptolocker development and support
Works on all Windows OS x86/x64
Multi-language user interface (12 languages)
Encrypts every file with AES-256 with individual keys, then, all keys are encrypted with RSA-2048
Comfortable partner panel with full statistics by country and time
Detailed information on each individual client is in the partner panel
Scans all disks and network folders
New Bitcoin wallet number for each client
Software deletes after payment
Instant transfer of funds to the partner after the victim pays for decryption
Automatic file decryption after payment
Support for more than 5000 file extensions
Automatic price adjustment depending on the country's living standards (McDonald's Index)
Extended help with step-by-step instructions for payment
Partner Details
Support and guidance for partners through Jabber (OTR)
Conversion level of partner traffic makes up 3-15% of overall downloads
Partner program requires access to the admin panel
Requirements
Reasonable quality installs in reliable volumes
Doesn't work in the Commonwealth of Independent States
There are no other bundles or ways to download'
More details of the Fatboy Ransomware RaaS, such as the percentage charged by its creators, are currently unknown. Fortunately, it seems that there is a way to recover from the Fatboy Ransomware attacks.
Dealing with a Fatboy Ransomware Infection
Shortly after the release of the Fatboy Ransomware, PC security researchers announced that there are ways to recover certain files affected by the attack. However, since the Fatboy Ransomware uses a combination of AES and RSA encryption to make the victim's files completely inaccessible, it is not likely that full decryption of affected files is currently possible. It is therefore necessary to take preventive measures to limit the potential damage from a Fatboy Ransomware infection.
Preventing the Fatboy Ransomware Attacks
The best protection against the Fatboy Ransomware and other ransomware Trojans that use a similar approach is to keep all your files backed up. If computer users can recover the encrypted files by copying them from a backup, then the people responsible for the attack lose any leverage they have over the victim that would allow them to make ransom demands. Apart from file backups, a reliable security program that is fully up to date can prevent the Fatboy Ransomware from being installed and carrying out its attack. Ultimately, since the Fatboy Ransomware may be delivered using corrupted email attachments, learning to spot online hoaxes and handling email attachments safely is probably the best protection against the Fatboy Ransomware and similar tactics.