Internet users are targeted by hackers with the intention to get money from them by all means. Usually, malware is installed on computers through browsers or OS security vulnerabilities and users fall victims to ransomware. But these attacks can be avoided with the right antivirus program an if people are more careful and don’t click on dubious links and banners. However, they tend to forget that sometimes, the social networks themselves can be the source of the problem, because they also have vulnerabilities that can be exploited by hackers.
According to researchers at Check Point, there’s a new variant of ransomware named Locky which takes advantage of vulnerabilities in the way Facebook, LinkedIn and other social networks handle images and it forces the system to download maliciously coded image file. Locky ransomware kicks into action when users access the file. “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file,” Check Point said.
After downloading that maliciously coded image file and users open it, their system is hijacked and files are encrypted, and in order to unlock them, victims must pay up (the key costs £294, $365). Back in February, security researcher Lawrence Abrams was warning that “When Locky encrypts a file it will rename the file to the format [unique_id][identifier].locky”, “So when test.jpg is encrypted it would be renamed to something like F67091F1D24A922B1A7FC27E19A9D9BC.locky. The unique ID and other information will also be embedded into the end of the encrypted file.”
The only way to avoid the actual Locky code, which has been around for almost a year, is to be aware of it and to not open the file. But usually, people who use social networks trust them and don’t realize that they open their doors to hackers who exploit flaws in these websites. Both Facebook and LinkedIn have been contacted by the Israeli security firm in September, but it’s not sure if the developers have the situation under control.
Take your mobile photography game to the next level with this affordable clip-on lens kit from Xenvo. Comes with a macro lens and a super wide angle lens that easily clip onto your phone for professional-grade photos on the go.