ALERT : Hackers spreading Locky ransomware by uploading infected .SVG images on Facebook Messenger

in news •  3 years ago  (edited)

ALERT : Hackers spreading Locky ransomware by uploading infected .SVG images on Facebook Messenger



enter image description here



Who Discovered ?

Bart Blaze, a very well known reputed security researcher first discovered this type of ransomware attack which is being conducted via Facebook Messenger. Later, Peter Kurse, another security researcher with extensive experience in investigating cyber-crimes confirmed the news to reporters.

Bart Blaze wrote in his personal blog :

“As always, be wary when someone sends you just an ‘image’ – especially when it is not how he or she would usually behave”.

And Facebook has released the following statement in response to the discovery:

“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not, in fact, installing Locky malware—rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties”.



enter image description here



What is Locky Ransomware ?

The name of this ransomware is LOCKY. What is Locky ? it actually denotes one of the today’s prevalent ransomware families. It was discovered in the mid-February 2016. This file-encrypting epidemic proved to be sophisticated enough to fly under the radar of conventional anti-malware defense. However, Locky is one of the most preferred malicious software used by hackers.

How to spread ?

To spread Locky ransomware hackers are using a downloader software called Nemucod. This downloader is being used by hackers to help the ransomware bypass Facebook security by pretending to be a .svg image file. Hackers is now delivering this downloader software Nemucod through Facebook Messenger.

What is .svg image file ? How hackers spread ransomware through it ? SVG extension file is scalable vector graphics file. It’s based on XML (Extensible Markup Language). So, it’s very easy to implement a set of codes of any harmful programs in it.





However, in this case hackers has embedded JavaScript. When you access this infected vector image file (SVG) then this java-script directs you to a site that seems to be YouTube’s landing page. But, actually it is not real Youtube’s homepage. It’s a clone site developed by hackers. If you look in the url then you will find that it’s 100% different.



enter image description here



However, after loading the fishing site you’ll be requested to download & install a codec so that the desired video could be played. This codec is presented in Chrome extension. If you install this codec chrome extension then the attack shall be distributed to other friends of you via Facebook Messenger. And at the same time this chrome extension will install Nemucod downloader, and instantly Locky will be installed into your system via Nemucod downloader. After that your all personal files on PC will be encrypted (locked) by Locky & it’ll demand some money via Bitcoin to decrypt them.



enter image description here



News Source : https://www.hackread.com/facebook-messenger-images-drop-locky-ransomware/

Source of images used in this article : img-sourec1, img-source2, img-source3, img-source4, img-source5

follow me on steemit AND resteem it

&

follow me on twitter  https://twitter.com/Royalmacro

                                                                             


                     MY STATS
   REPUTATION SCORE : 66.3 | TOTAL FOLLOWERS : 222
   TOTAL BLOG POSTS : 291  | TOTAL LIKES : 13820
   TOTAL EARNINGS   : $2412.83
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

And this is why you should always back-up your most important files.
Either at a service like dropbox or google drive, or on a offline drive which is not connected to your computer.
I've seen several people be infected by viruses like this and all you can really do is format your drives and reinstall.

Do not pay these bastards!

And of course...don't open files without knowing what they contain.

I agree with you ....
I always back up my important files. And also I'm using Bitdefender Anti Ransomware

Haven't tried bitdefender anti ransomware, gotta check that out.

Another thing for the more careful types of people, if you don't trust a provider like Drive and dropbox with your more sensitive file, use 7zip and encrypt the library before uploading. Works like a charm.:)

Man, this is scary. Thanks for the warning!

This post has been ranked within the top 25 most undervalued posts in the first half of Nov 23. We estimate that this post is undervalued by $6.86 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Nov 23 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.