If you see a new image or graphic file on your computer that you don’t recall downloading, do not open it. The Locky ransomware program has moved on from MS Office Word to Facebook and LinkedIn vulnerabilities, and is now putting files on your computer that can lock you out of your data, according to Ars Technica.
Earlier this year Locky arrived on computers via a “malicious macro” in a Word document. In the last week, however, Ars Technica quotes Israeli security company Check Point reporting a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”
Typically what happens is that when you click on an image thumbnail, rather than displaying the image in a separate window, the file automatically downloads. It would be natural for most people to then click on the downloaded image — and that’s what executes the Locky code and immediately locks up all your files and demands ransom.
Vulnerabilities in Facebook and LinkedIn have been exploited by the perpetrators of the Locky attack, according to Check Point. “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end user clicks on the downloaded file.”
When Locky is activated on your computer the ransomware locks you out of your files. The only way to retrieve your data is by paying a ransom, hence the term ‘ransomware.’ Ars Technica reports the current ransom to unlock a user’s computer is about half a bitcoin, or $365.
Check Point stated it previously informed Facebook and LinkedIn of the vulnerability currently being used in the ransomware attack, but won’t make the details public until those social media and other major sites fix the security flaw.
The security firm’s recommendations to consumers are: “If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file. Don’t open any image file with unusual extension (such as SVG, JS or HTA).” Note, however, that the file extension could also be JPG, PNG, or any other common form.
The bottom line on avoiding this particular means of an attack by Locky is, if you click on an image and it starts to download, whatever you do, do not open the image file on your computer.