Security researchers recently discovered Locky ransomware being spread on Facebook and LinkedIn. Check Point security researchers are calling the new attack ImageGate.
The malware is distributed through infected SVG (Scalable Vector Graphics) image and graphic files. Users are prompted to download a codec that supposedly allows them to view the file in question. We often warn users to avoid malicious extensions, as they are a favorite tool of cyber criminals. It’s important to note that the malware-laden images bypassed Facebook Messenger’s file extension filters, according to Blaze.
Once users open the downloaded file, the Locky ransomware becomes active. Our friends at Bitdefender have written extensively about the global ransomware threat. For those unfamiliar, ransomware encrypts all of the files on the infected system until a ransom is paid.
In October, Locky accounted for 5% of total malware attacks, making it the second most common malware attack currently circulating.
We strongly encourage users to be suspicious of any image-based files received via Facebook Messenger and LinkedIn contacts. It’s also a good idea to avoid downloading extensions of any kind. You shouldn’t need to download anything to view an image sent by a Facebook friend.