In the past, Locky ransomware was distributed heavily via phishing emails, but since many people have gotten wise to that, the crooks are now targeting users of Facebook, LinkedIn, and other social media. Check Point's researchers claimed on November 24 that they had found an additional infrastructure weakness in some social media services that allowed the attack to be more effective.
ImageGate is the new method hackers are using to embed malicious code into existing files from social platforms. If users inadvertently download such a file, they should not attempt to open it, especially if it has an unfamiliar filename extension. Users should also refrain from opening any image file with an unusual extension (such as SVG, JS or HTA). The malware deliberately forces the download of such images onto users' computers and then encrypts their files. However, Facebook argues that the real culprit is bad extensions for Alphabet Inc's (NASDAQ:GOOG,GOOGL) Google Chrome web browser.
Facebook is disputing recent reports that the file-encrypting ransomware known as Locky spread through its instant messaging platform. First of all, don't click on any image visible on social media (it can be viewed without clicking on it); if you have clicked and a file gets downloaded, don't open it.
Check Point reported that the malware was taking advantage of flaws in how images on Facebook and LinkedIn are processed to infect users' computers. Users are typically asked to pay between 0.5 and 1 bitcoin (US$315 to $730) to decrypt their files (see Retooled Locky Ransomware Pummels Healthcare Sector). There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. In response, a Facebook spokesperson denied the existence of such a vulnerability and said that the issue was caused only by several "bad Chrome extensions", which it had already started blocking several days before the news broke. Earlier this week, Hacker News reported that a Facebook spam campaign was spreading Locky through image files in the SVG format. If an image file is downloaded automatically, do not open it, and delete it.
Using social engineering methods, the attackers prompt users to click on the image, which triggers an automatic download of the file. Because so many people are on social media, it would be a flawless place for the attackers' new operation.