Security researchers recently discovered Locky ransomware being spread on Facebook and LinkedIn. Check Point security researchers are calling this new attack ImageGate.
The malware is distributed through infected SVG (Scalable Vector Graphics) image and graphic files. Users are prompted to download a codec that supposedly allows them to view the file in question. We often warn users to avoid malicious extensions, as they are a favorite tool of cyber criminals. It’s important to note that the malware-laden images bypassed Facebook Messenger’s file extension filters, according to Blaze.
Once users open the downloaded file, the Locky ransomware becomes active. Our friends at Bitdefender have written extensively about the global ransomware threat. For those unfamiliar, ransomware encrypts all of the files on the infected system until a ransom is paid.
In October, Locky accounted for 5% of total malware attacks, making it the second most common malware attack currently circulating.
We strongly encourage users to be suspicious of any image-based files received via Facebook Messenger and LinkedIn contacts. It’s also a good idea to avoid downloading extensions of any kind. You shouldn’t need to download anything to view an image sent by a Facebook friend.
Bitdefender Traffic Light is a free cross-browser add-on that intercepts, processes and filters all Web traffic, blocking any malicious content and taking browser security to new levels.