ImageGate: Locky ransomware images now spreading via Facebook, LinkedIn

Check Point researchers reveal a new vector for spread of the Locky ransomware. Ransomware is a kind of malware that encrypts the data on your computer, and demands a ransom to unlock the data. Users are faced with the choice of losing their data, or paying the attackers. Check Point researchers discovered a method that allows malicious attackers to hide ransomware into images, and upload it on social media platforms such as Facebook and LinkedIn. When users download and open the linked images, the malicious code is executed, and the computer of the target is compromised. Additionally, the attackers exploit a misconfiguration on social media platforms to force users to download the disguised image file. Here is the malware in action.

The revelations come after industry-wide tracking of a massive social media ransomware campaign. “Check Point researchers strongly believe the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now,” Check Point researchers note in a blog post. The check Point researchers have not made available the details of the exploit, and will do so once the affected social media platforms take steps to prevent the spread of the malicious images. The Safety measures suggested to users are, be wary of image files with odd extensions, such as .svg, .js or .hta. If an image file is downloaded automatically, do not open it, and delete it. Social media platforms are designed to be browsed without having to download the images.