Locky ransomware has been making its way onto social media. Its operators are targeting social networks to infect more computers and extract more money from unsuspecting victims.
They booby-trap a video or image, spread it across social networking sites, and expect victims who open it to become infected with the Locky ransomware. Facebook and LinkedIn will be compromised and credentials stolen once the file is executed.
The malware was originally spread via Word documents containing macros, and now it is spreading via social networking.
This ransomware is a new strain that encrypts files and renames them with the .locky extension; the files can only be decrypted if the victim pays a ransom in bitcoins.
According to Info Security, Check Point researchers discovered the Locky ransomware being spread through Facebook Messenger using a Scalable Vector Graphics (SVG) file. A victim who is unwary about the image he/she received will click on it. The victim is then directed to a fake YouTube website and asked to download a file before the video can be watched.
Once the malware has been downloaded, the victim is asked to run the file to install it. Locky then encrypts the files on the victim's computer. To retrieve the files, the victim has to pay a ransom of one Bitcoin, which is equivalent to $736.
The security researchers have already contacted Facebook and LinkedIn about the vulnerability; however, it has not been patched.
The file extension names are not limited to .locky. Previous malware versions have used the .Shit and .THOR file extensions, and now it has used the .SVG file name extension, as well as the JS and HTA extensions. It changes every so often. The naming convention is limited only by the developers' imagination.
For now, it is highly advised to stop forwarding unknown images or links to your friends. If you have received one, do not click on or open it. If it is way too late for you and you have been infected, say goodbye to your files unless you pay the ransom. Paying the ransom is, in a way, supporting the cyber criminals and their evil ways. So please be careful.
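For defenders who filter attachments or uploads, the SVG delivery step described above can be checked mechanically. The following is an added example, not code from the article or from Check Point: it assumes the image redirects the viewer through active content (script elements, event-handler attributes, or `javascript:` links), a mechanism the article does not detail, and the function name `scan_svg` and the sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can execute or embed active content inside an SVG document.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}


def _local(name):
    """Strip the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data):
    """Return a list of findings for an SVG file given as bytes ([] means none)."""
    # Refuse to parse documents that declare entities, so a hostile file
    # cannot use entity expansion against the scanner itself.
    if re.search(rb"<!ENTITY", data, re.IGNORECASE):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]

    findings = []
    for element in root.iter():
        tag = _local(element.tag)
        if tag in ACTIVE_TAGS:
            findings.append("active-element:" + tag)
        for name, value in element.attrib.items():
            attr = _local(name)
            if attr.startswith("on"):  # onload, onclick, onbegin, ...
                findings.append("event-handler:" + attr)
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("script-uri:" + attr)
    return findings


# Constructed samples: a plain image and one carrying inert placeholder active content.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="10"/></svg>'
SUSPICIOUS = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void(0)">'
              b'<circle r="10"/><script>/* constructed placeholder */</script></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_svg(sample))
```

A non-empty result is a reason to quarantine the file or render it as a static raster image rather than pass it through to recipients.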