Ransomware via Facebook, beware!

Locky Ransomware on Facebook Messenger – beware when opening photos

Your friend sends a photo in SVG format to your Facebook Messenger? Ignore the message and don’t open the photo at any cost!

The notorious Locky Ransomware “virus” spreads via private Facebook messages. Unfortunately, the popular social network is an ideal platform for spreading this malware.

LOCKY LOCKS ALL DATA

Hackers use seemingly harmless SVG photos to infect your computer with Locky Ransomware. Namely, once you click on the photo, Locky Ransomware hacks your computer, encrypts all your data and demands payment to decrypt it.

WHY SVG PHOTOS?

SVG (Scalable Vector Graphics) photos are an ideal medium for spreading the Locky Ransomware “virus” because they can contain hidden content, e.g. infected JavaScript code. Furthermore, SVG photos can be opened in a browser.
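A defender-side check for the point above, as an added example that is not from the original post: it parses an SVG and lists the active content (script elements, event-handler attributes, `javascript:` links) that a plain image would not carry. The sample SVGs and the names `find_active_content` and `ACTIVE_TAGS` are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Sample SVGs constructed for this example (not taken from the campaign).
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPTED_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
    '<script type="text/javascript">/* placeholder */</script>'
    '<a xlink:href="javascript:void(0)"><rect width="9" height="9"/></a>'
    '</svg>'
)

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_text):
    """Return a sorted list of reasons this SVG should not be treated as a plain image."""
    if "<!ENTITY" in svg_text.upper():
        # Entity declarations have no place in a photo; report instead of expanding them.
        return ["entity declaration"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = set()
    for elem in root.iter():
        tag = local(elem.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.add(f"event handler attribute {name}")
            if name in ("href", "src") and value.strip().lower().startswith("javascript:"):
                findings.add(f"{name} with script-capable URL scheme")
    return sorted(findings)


if __name__ == "__main__":
    for label, svg in (("benign", BENIGN_SVG), ("scripted", SCRIPTED_SVG)):
        print(label, find_active_content(svg))
```

An empty list means no active content was found by these checks; any finding is a reason to treat the file as a web page rather than as a photo.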

WHAT HAPPENS WHEN YOU CLICK?

When you click a malicious photo, the “virus” reroutes you to a web site similar to YouTube (which, of course, is not the “real” YouTube).

Once you get to the fake web page, a popup message appears asking you to install or download additional extensions for the browser to be able to watch a video. These are malicious extensions named UBO and ONE.

By installing the UBO and ONE extensions, you allow hackers to enter your Facebook account via the browser and secretly send messages with the same SVG photos to all of your friends.

YOU’VE INSTALLED MALICIOUS BROWSER EXTENSIONS

So now what?

If Locky Ransomware has already infected your computer, the system may need to be wiped and reloaded, and the only way to retrieve your data is to use a backup.

Facebook’s security team is trying to stop this new way of spreading the dangerous “virus”. However, how the SVG file manages to bypass Facebook’s security filters remains unknown.

Meanwhile, beware of the photos you open in your Facebook Messenger – especially if the photos “act weird”.

Follow us on Facebook at @Bristeeritech

 
