9 Jan 2018

Locky ransomware spreading via Facebook Messenger

Ransomware is a sophisticated type of malware that infects your computer, encrypts files and denies the victim access to them until a ransom is paid within a stipulated time. Read information on what ransomware is, how criminals infect your computer with ransomware, and what you can do to stay safe. All that information is here.

If you receive a Facebook message from any of your Facebook friends containing an image with the file type ".svg", don't click or open the file.

Security researchers have discovered Locky ransomware spreading through images in ".svg" format. When a person opens the ".svg" file on a computer, a browser opens a YouTube page and prompts them to install a codec extension to view a video or image sent by a Facebook contact/friend. If you install the extension, it spreads itself automatically via Facebook, steals sensitive information and downloads malware to your machine, including Locky ransomware. All files on the affected computer are encrypted until a ransom is paid.

Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation. The SVG specification is an open standard developed by the World Wide Web Consortium (W3C) since 1999.

Bart Blaze published a blog post with screenshots of the entire attack taking place on Facebook Messenger. You can read the article here.

To better protect yourself from these types of attacks, avoid downloading attachments from people you don't know, and avoid opening attachments that look like an image but have an unusual filename extension. In conclusion, don't open a file with a ".svg" file extension. You should show file extensions so that you can spot suspicious files.