Fatboy Ransomware
Posted: May 8, 2017
Threat Metric
The following fields, each of which carries a specific value on the Threat Meter, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Ranking | 17,375 |
| Threat Level | 8/10 |
| Infected PCs | 15,104 |
| First Seen | May 8, 2017 |
| Last Seen | August 7, 2023 |
| OS(es) Affected | Windows |
The Fatboy Ransomware is a Ransomware-as-a-Service or RaaS Trojan that threat actors can 'hire' for conducting separate campaigns that encrypt their victims' files. Its features include significant support for the ransom-demanding side of the payload, which encourages you to pay Bitcoins to restore any blocked content. PC users should use standard anti-malware applications for uninstalling the Fatboy Ransomware and contact trusted anti-malware researchers for any other, necessary recovery help.
The Weight of Russian Trojans Slamming Down on Your Files
Even with the relatively easy access to the threat industry that's afforded by families like Hidden Tear, the market for file-encrypting threats continues to have room for 'lone wolf' products with custom features. Russia is, unsurprisingly, the birthplace of one of the newer independent Trojans that malware experts can confirm in May: the Fatboy Ransomware. The Trojan has already received additional marketing support from other threat actors and appears to be ready for live deployment.
The Fatboy Ransomware's existence first became verifiable through an underground forum post promoting it as a traditional RaaS. Independent con artists use RaaS Trojans like the Fatboy Ransomware either on a rental basis or, in the Fatboy Ransomware's case, by giving the original authors a percentage of their ransom collections. The Trojan shows its victims symptoms highly similar to those of the Critoni Ransomware (AKA CTB-Locker) but isn't a direct derivative of that family. Unlike CTB-Faker, the Fatboy Ransomware uses real file encryption to lock your local files.
The Trojan's payload uses AES encryption for the files and a second, RSA-based layer to protect the AES keys it generates for that first level of encoding. After blocking the PC's files, the Fatboy Ransomware loads a screen-locking HTA window with multi-language support for its Bitcoin-based ransom demands. Further interactions redirect you to a series of notably verbose and highly informative Web pages that the Fatboy Ransomware's author uses to describe the encryption and ransoming process at length.
These windows also include a clever social engineering trick: they claim that the decryption process is linked to the ransom transaction automatically and will occur without any manual intervention from the threat actors.
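Because the Fatboy Ransomware really encrypts data (unlike CTB-Faker, which only pretended to), a responder's first triage question is whether the files on a locked machine are genuinely AES ciphertext or merely renamed and still intact. The following Python script is an added example, not code from the original article or from any named researcher; it uses byte-entropy as the test and constructs its own sample files, and all function names are the example's own.

```python
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def triage_file(path: str, threshold: float = 7.5, sample: int = 65536):
    """Return (entropy, likely_encrypted) for the first `sample` bytes of a file.

    AES output is indistinguishable from random bytes, so a real file-encrypting
    Trojan leaves near-8.0 entropy behind. Low entropy means the content is intact
    and the 'lock' is only a renamed extension or a screen-locker, as CTB-Faker did.
    Caveat: archives, images and other compressed formats are high-entropy too, so
    compare against the file's original type before drawing conclusions.
    """
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ent = shannon_entropy(head)
    return ent, ent >= threshold

def scan_directory(root: str, threshold: float = 7.5):
    """Walk `root` and return the sorted paths that look genuinely encrypted."""
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if triage_file(path, threshold)[1]:
                flagged.append(path)
    return sorted(flagged)

def build_sample_dir() -> str:
    """Constructed test data (not real victim files): one intact document, one file
    overwritten with random bytes standing in for AES ciphertext, and one renamed
    but still-readable file representing a fake locker."""
    root = tempfile.mkdtemp(prefix="fatboy_triage_")
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(b"Quarterly report: revenue up, costs flat. " * 400)
    with open(os.path.join(root, "photo.jpg.locked"), "wb") as fh:
        fh.write(os.urandom(16384))  # random bytes stand in for encrypted content
    with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
        fh.write(b"meeting notes, still readable\n" * 300)  # renamed, not encrypted
    return root

if __name__ == "__main__":
    for path in scan_directory(build_sample_dir()):
        print("likely encrypted:", path)
```

Only the file that was actually overwritten is flagged; the renamed-but-intact file is not, which is exactly the distinction between a real encryptor and a fake locker.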
Trimming Bad Boy Trojans Down to Size
The Fatboy Ransomware's authors claim that the Trojan can lock thousands of formats' worth of data, among other features meant to appeal to interested con artists, such as instantaneous money transfers and, most unusually, an automatic ransom-adjusting feature deriving from the so-called 'Big Mac Index.' Overall, its feature set makes the Fatboy Ransomware a potentially versatile threat capable of deploying equally effectively throughout all continents.
Malware analysts continue recommending that any victims look for free data recovery options, when possible, instead of paying ransoms that may not have the intended effect. Well-known anti-malware sector researcher Michael Gillespie is currently offering limited assistance with potential decryption solutions. Backups also are consistently effective at giving users file-restoring strategies that avoid the technical difficulties sometimes found in decryptors.
The marketing campaign for the Fatboy Ransomware is extremely new but highly detailed and professional, with potential appeal to many threat actors. If you don't want to risk your files becoming a profit margin for Russian threat authors, you may want to give your anti-malware products a chance to analyze your downloads and, potentially, remove the Fatboy Ransomware installer.