A new version of the Locky ransomware is making the rounds. What makes this one notable is that it abuses flaws in both Facebook and LinkedIn, which has let it spread much faster and infect far more users than previous versions. According to the security firm Check Point, misconfigurations in the two social networks allow an image file carrying the malicious code to be forced onto a user's computer as a download. When the user notices the file and opens it, the Locky ransomware is installed. At this point the attackers appear to be focusing mainly on Facebook.
Check Point has published a detailed write-up on the issue and has reported the flaws it used to both Facebook and LinkedIn.
“The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.
As more people spend time on social networking sites, hackers have turned their focus to find a way into these platforms. Cyber criminals understand these sites are usually ‘whitelisted,’ and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities.”
What is the Locky ransomware virus?
Locky encrypts the files on your computer, renames each encrypted file, and leaves behind a ransom note with instructions on how to get your files back. Those instructions involve sending the attackers a payment of varying amount (around $365 at the time of writing) in exchange for a decryption key. You can tell a file has been encrypted because Locky replaces its original name with a hexadecimal identifier in the format [unique_id][identifier].locky, for example:
Example – D34824A2BB422EF458E4F0C128F6D.locky
If you see any files with the .locky extension, or you see the ransom demand and payment instructions, you are infected.
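The quickest way to confirm the rename described above across a whole machine is to walk the filesystem for names that match Locky's pattern. The script below is an added example and is not code from the original post, from Check Point, or from Locky itself. It assumes, based on the example filename given above, that encrypted files are renamed to a run of hexadecimal characters followed by the .locky extension; it does not look for the ransom note, since the note's filename is not given here. The sample directory tree it scans is constructed inside the script so it runs offline.

```python
"""Scan a directory tree for files renamed by Locky ransomware.

Added example; not part of the original post or of Check Point's report.
Assumption: encrypted files are renamed to a run of hex characters plus
".locky", as in the page's example D34824A2BB422EF458E4F0C128F6D.locky.
"""
import os
import re
import tempfile

# Locky rename pattern: at least 16 hex digits, then ".locky".
# Case-insensitive because Windows filesystems are.
LOCKY_NAME = re.compile(r"^[0-9A-F]{16,}\.locky$", re.IGNORECASE)


def is_locky_name(name: str) -> bool:
    """Return True if a file's basename matches the Locky rename pattern."""
    return LOCKY_NAME.match(name) is not None


def find_locky_files(root: str) -> list:
    """Walk `root` and return sorted paths of files matching the Locky pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_locky_name(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree() -> str:
    """Create a constructed sample tree: two Locky-style names among normal files."""
    root = tempfile.mkdtemp(prefix="locky_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    sample = {
        # The example name from the page (29 hex digits).
        "D34824A2BB422EF458E4F0C128F6D.locky": b"\x00encrypted",
        # A constructed 32-hex-digit name, the same shape.
        "7A1B2C3D4E5F60718293A4B5C6D7E8F9.locky": b"\x00encrypted",
        # Decoys that must NOT be flagged.
        "budget.xlsx": b"PK\x03\x04 untouched document",
        "locky_notes.txt": b"a file whose name merely contains the word locky",
        "photo.locky.jpg": b"not a Locky rename: final extension is .jpg",
    }
    for name, data in sample.items():
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(data)
    return root


def main() -> None:
    root = build_sample_tree()
    hits = find_locky_files(root)
    for path in hits:
        print("encrypted:", path)
    print("infected" if hits else "clean", "-", len(hits), "file(s) matched")


if __name__ == "__main__":
    main()
```

Run it as is to see the scan over the constructed tree, or call `find_locky_files` on a real drive letter or home directory. The pattern deliberately requires the hex run before the extension so that ordinary files that happen to contain "locky" in their name are not reported.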
You can read a more detailed description of the Locky ransomware virus here at Ars Technica.
If you have questions about the Locky virus or have been infected and need help getting your computer working again, please contact us at Iron Comet at 770-506-4383 for help.