Beacon Transcript – The Locky ransomware, one of the latest and most threatening malware of its kind, has changed tactics and is now using JPG files to attack and encrypt user files.
Locky is a fairly recent but already notorious ransomware tool. Security researchers discovered that the malware was being spread through social media applications, namely Facebook Messenger.
Bart Blaze, the first researcher to detect the malware, stated that Locky managed to evade the usual file extension filters.
It did so by sending unsuspecting users SVG image files, which would then proceed to download the Locky ransomware.
Before moving to social media sites, the ransomware was usually spread via spam emails that came with disguised downloaders.
Users were warned against downloading unknown SVG files, and a further set of security recommendations was released.
One recommendation urged users to check their browser’s extensions for suspect entries. Another advised changing the Facebook password.
However, as users were made aware of the new threat, it continued to develop in turn, and the malware has now been extended to JPG files.
JPG is perhaps the most commonly used picture format, as most casual users choose it when sending pictures. Now the Locky ransomware seems to have infiltrated this file format as well.
Among the social media platforms affected, the researchers included Facebook, which was already a minor target through the Messenger service, and LinkedIn.
Recent reports show that the attackers have found a way to embed the malicious code in JPG files.
They also seem to be taking advantage of a social network misconfiguration.
Researchers have detected an infrastructure misconfiguration that forces users of the respective social platforms to download image files.
Once the error was detected, security firms informed the respective platforms so as to help protect users.
The Locky ransomware, like any malware of its type, works on a basic principle. A user who has downloaded a malware-laden file should not open it.
Once it is opened, the malware code proceeds to encrypt the user’s files. In order to recover them, users are then required to pay a ransom, hence the name.
Ransomware has become increasingly common and has seen wider use since the rise of social media platforms.
As more people join social platforms, attackers have been turning their attention to them and have started coming up with new techniques.
With ransomware being one of them, users, especially newer ones, could easily fall into the trap. As image sharing is one of the most common social activities, users are advised to be careful about what they download.
Also, if an unknown image has appeared in the download directory, do not open it. Since most social websites show picture previews without any need to download them, such a file could be malware.
Users should also be careful and avoid opening files with unusual extensions such as SVG, HTA, or JS.
Extra care should also be taken with files that have usual extensions such as PNG or JPG, which should only be opened if the user is sure of their origin.
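The download-folder advice above can be turned into a quick triage check. The following Python sketch is an added example, not part of the original article or any vendor tool; the function names, the heuristics and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

RISKY_EXTENSIONS = {".svg", ".hta", ".js"}   # extensions the article calls unusual
IMAGE_SIGNATURES = {                          # leading bytes of common image formats
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}
# Active content in an SVG: script elements, common event handlers, javascript: URLs.
SVG_ACTIVE = re.compile(rb"<script|\bon(?:load|error|click)\s*=|javascript:", re.I)

def triage_file(path):
    """Return reasons a downloaded file deserves a closer look (empty list = none)."""
    path = Path(path)
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    data = path.read_bytes()[:65536]
    reasons = []
    if ext in RISKY_EXTENSIONS:
        reasons.append("unusual extension")
    if ext == ".svg" and SVG_ACTIVE.search(data):
        reasons.append("svg with active content")
    # A matching signature does not prove a file is safe; a mismatch is a red flag.
    if ext in IMAGE_SIGNATURES and not data.startswith(IMAGE_SIGNATURES[ext]):
        reasons.append("content does not match image extension")
    if len(suffixes) > 1 and suffixes[-2] in IMAGE_SIGNATURES and ext not in IMAGE_SIGNATURES:
        reasons.append("double extension")
    return reasons

def triage_directory(directory):
    """Map each flagged file name in a directory to its list of reasons."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    return {p.name: r for p in files if (r := triage_file(p))}

# Constructed sample files (not real malware) standing in for a download folder.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "photo_9823.svg": b"<svg xmlns='http://www.w3.org/2000/svg'><script>/*...*/</script></svg>",
    "invoice.jpg": b"<html><body>not an image</body></html>",
    "picture.png.hta": b"<html></html>",
}

def demo():
    """Write the constructed samples to a temporary folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLES.items():
            (Path(tmp) / name).write_bytes(content)
        return triage_directory(tmp)
```

Calling `demo()` returns the flagged files with their reasons; a file that passes these checks is not thereby proven safe, so the rule about opening only images of known origin still applies.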