Facebook malware alert: 'Locky' ransomware attack through Facebook, LinkedIn

By Ryan Dawn Umadhay / Nov 28, 2016 05:19 AM EST
(Photo : YouTube/BuzzkillTutorials) Social networking platform Twitter recently awarded $10,080 to Indian-born White Hat hacker Avinash Singh who was able to point out a security loophole in the company’s video-sharing service called Vine.

Two of the biggest social networking sites are reportedly used for malicious attacks that causes the computer to lock its files unless payment is made to the hacker. It's a relatively simple attack but comes with devastating results for anyone locked out of their files.

Ransomware through Facebook, LinkedIn

A new malware is circulating online and it's currently taking advantage of two of the largest social networking sites according to Ars Technica. Currently referred to as a "Locky" ransomware, the type of attack is pretty simple and could be avoided by anyone familiar to malware attacks but could end up fooling those who are not familiar to security concerns online.

The attack is pretty simple: the attacker uploads or sends an image to a Facebook and LinkedIn user. If the image is clicked and opened, the malware is executed and all files in the computer becomes encrypted. The only way to get the files back is when the computer user pays as a ransom.

The attacks take advantage of the security flaw in the mentioned social networks. The flaws were reported by Check Point and the files are often held for ransom for as much as $365 dollars. Payment are made through bitcoin.

Prevention and Protection

According to Engadget, they already got in touch with these sites regarding the status of their security patches on these attacks. Although these sites have already acknowledged the problem, the information regarding the security fix are still limited.

The attacks only happen when the file is downloaded and executed. Users of these sites are advised to take extra caution on downloading images on popular social media sites. More often than not, these images do not come with familiar extension - an indicative that it already contains malicious codes that could destroy any computer.

If the sender is also unknown, it's better to take extra precaution to ignore the file and block the sender. The malicious file often does not have preview of their images and they often come as an executable file.

Watch the demo on how the malicious virus attacks the computer files below: