Fatboy ransomware adjusts demands based on local price of a Big Mac

A new ransomware-for-hire scheme called Fatboy adjusts the ransom it charges based on international exchange rates so it’s more likely the victims get hit for the largest amount they can reasonably pay.

Posted on Exploit, a Russian-language online forum, Fatboy automatically adjusts ransom demands according to where the victim is located, according to the Recorded Future blog.

That adjustment is based on the Big Mac Index, which was created by The Economist as a way to show whether official international monetary exchange rates line up with the price charged for a certain product – the Big Mac burger sold by McDonald’s – from country to country. The index tells whether currencies are overvalued or undervalued based on what McDonald’s charges in each country.

While criminals who license ransomware platforms have latitude to charge what they want, this is a rare example of automatically adjusting the extortion amount based on a publicly available scale.

In addition, the author of Fatboy partners with their criminal customers, and offers a quick turnaround on payments that victims make, Recorded Future says. The platform even offers “extended help” for victims to quickly figure out how to leave the extorted cash in a Bitcoin wallet.

“Purchasers of the Fatboy RaaS partner directly with the author of the malware and not through a third party like many other cyber criminals prefer. These partners also receive payment instantly when a victim pays their ransom, adding another level of transparency to this partnership,” Recorded Future says.

A hint about where Fatboy was written: “Doesn’t work in the Commonwealth of Independent States,” according to the Fatboy description on Exploit that was written by someone with the username polnowz, the report says.

MORE: Ransomware is booming