
Fatboy Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,646
Threat Level: 80 % (High)
Infected Computers: 6,449
First Seen: May 8, 2017
Last Seen: August 7, 2023
OS(es) Affected: Windows

The Fatboy Ransomware has received substantial press attention because of a curious aspect of its attack. It first appeared as a RaaS (Ransomware as a Service) portal offered on the Dark Web to Russian-speaking hackers. It seems to be the work of a hacker who goes by the name 'polnowz' and who first started promoting the Fatboy Ransomware on March 24, 2017. The Fatboy Ransomware carries out a typical ransomware attack but uses a wallpaper ransom note that includes a long and unusual set of instructions.

The Fatboy Ransomware stands out because of how it sets the victim's ransom amount. It detects the victim's location through the IP address and then uses the local price of the McDonald's menu item, the Big Mac, to determine how much the victim must pay. This measure, known as the Big Mac Index, ranks countries according to the purchasing power of the local currency, based on how the price of the Big Mac differs from one place to another. The Fatboy Ransomware is currently being spread to more people as an English version, now that its marketing material has come to light.

General Information about the Fatboy Ransomware Trojan

According to the advertisement for the Fatboy Ransomware RaaS, the following is the information being released by its creators to the public:

'We invite you to take part in a partnership for the monetization of downloads with help of the Fatboy encryption software. Limited partnership.
Product Description
Base load 15.6 kB, written in C++
Active cryptolocker development and support
Works on all Windows OS x86/x64
Multi-language user interface (12 languages)
Encrypts every file with AES-256 with individual keys, then, all keys are encrypted with RSA-2048
Comfortable partner panel with full statistics by country and time
Detailed information on each individual client is in the partner panel
Scans all disks and network folders
New Bitcoin wallet number for each client
Software deletes after payment
Instant transfer of funds to the partner after the victim pays for decryption
Automatic file decryption after payment
Support for more than 5000 file extensions
Automatic price adjustment depending on the country's living standards (McDonald's Index)
Extended help with step-by-step instructions for payment
Partner Details
Support and guidance for partners through Jabber (OTR)
Conversion level of partner traffic makes up 3-15% of overall downloads
Partner program requires access to the admin panel
Requirements
Reasonable quality installs in reliable volumes
Doesn't work in the Commonwealth of Independent States
There are no other bundles or ways to download'

More details of the Fatboy Ransomware RaaS, such as the percentage charged by its creators, are currently unknown. Fortunately, it seems that there is a way to recover from the Fatboy Ransomware attacks.

Dealing with a Fatboy Ransomware Infection

Shortly after the release of the Fatboy Ransomware, PC security researchers announced that there are ways to recover certain files affected by the attack. However, since the Fatboy Ransomware uses a combination of AES and RSA encryption to make the victim's files completely inaccessible, it is not likely that full decryption of the affected files is currently possible. Taking preventive measures is therefore necessary to limit the potential damage from a Fatboy Ransomware infection.

Preventing the Fatboy Ransomware Attacks

The best protection against the Fatboy Ransomware and other ransomware Trojans that use a similar approach is to keep all your files backed up. If computer users can recover the encrypted files by copying them from a backup, then the people responsible for the attack lose any leverage they have over the victim that would allow them to make ransom demands. Apart from file backups, a reliable security program that is fully up to date can prevent the Fatboy Ransomware from being installed and carrying out its attack. Ultimately, since the Fatboy Ransomware may be delivered using corrupted email attachments, learning to spot online hoaxes and handling email attachments safely is probably the best protection against the Fatboy Ransomware and similar tactics.
