ALERT : Hackers spreading Locky ransomware by uploading infected .SVG images on Facebook Messenger
Who Discovered ?
Bart Blaze, a very well known reputed security researcher first discovered this type of ransomware attack which is being conducted via Facebook Messenger. Later, Peter Kurse, another security researcher with extensive experience in investigating cyber-crimes confirmed the news to reporters.
Bart Blaze wrote in his personal blog :
“As always, be wary when someone sends you just an ‘image’ – especially when it is not how he or she would usually behave”.
And Facebook has released the following statement in response to the discovery:
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not, in fact, installing Locky malware—rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties”.
What is Locky Ransomware ?
The name of this ransomware is LOCKY. What is Locky ? it actually denotes one of the today’s prevalent ransomware families. It was discovered in the mid-February 2016. This file-encrypting epidemic proved to be sophisticated enough to fly under the radar of conventional anti-malware defense. However, Locky is one of the most preferred malicious software used by hackers.
How to spread ?
To spread Locky ransomware hackers are using a downloader software called Nemucod. This downloader is being used by hackers to help the ransomware bypass Facebook security by pretending to be a .svg image file. Hackers is now delivering this downloader software Nemucod through Facebook Messenger.
What is .svg image file ? How hackers spread ransomware through it ? SVG extension file is scalable vector graphics file. It’s based on XML (Extensible Markup Language). So, it’s very easy to implement a set of codes of any harmful programs in it.
However, after loading the fishing site you’ll be requested to download & install a codec so that the desired video could be played. This codec is presented in Chrome extension. If you install this codec chrome extension then the attack shall be distributed to other friends of you via Facebook Messenger. And at the same time this chrome extension will install Nemucod downloader, and instantly Locky will be installed into your system via Nemucod downloader. After that your all personal files on PC will be encrypted (locked) by Locky & it’ll demand some money via Bitcoin to decrypt them.
follow me on steemit AND resteem it
follow me on twitter https://twitter.com/Royalmacro
MY STATS REPUTATION SCORE : 66.3 | TOTAL FOLLOWERS : 222 TOTAL BLOG POSTS : 291 | TOTAL LIKES : 13820 TOTAL EARNINGS : $2412.83