Beware of new image files you didn’t download: They may launch ‘Locky’ ransomware

locky ransomware self downloading image files hacker  hacking symbol
www.elbpresse.de
If you see a new image or graphic file on your computer that you don’t recall downloading, do not open it. The Locky ransomware program has moved on from MS Office Word to Facebook and LinkedIn vulnerabilities, and is now putting files on your computer that can lock you out of your data, according to Ars Technica.

Earlier this year Locky arrived on computers via a “malicious macro” in a Word document. In the last week, however, Ars Technica quotes Israeli security company Check Point reporting a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”

Typically what happens is that when you click on an image thumbnail, rather than displaying the image in a separate window, the file automatically downloads. It would be natural for most people to then click on the downloaded image — and that’s what executes the Locky code and immediately locks up all your files and demands ransom.

Vulnerabilities in Facebook and LinkedIn have been exploited by the perpetrators of the Locky attack, according to Check Point. “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end user clicks on the downloaded file.”

When Locky is activated on your computer the ransomware locks you out of your files. The only way to retrieve your data is by paying a ransom, hence the term ‘ransomware.’ Ars Technica reports the current ransom to unlock a user’s computer is about half a bitcoin, or $365.

Check Point stated it previously informed Facebook and LinkedIn of the vulnerability currently being used in the ransomware attack, but won’t make the details public until those social media and other major sites fix the security flaw.

The security firm’s recommendations to consumers are: “If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file. Don’t open any image file with unusual extension (such as SVG, JS or HTA).” Note, however, that the file extension could also be JPG, PNG, or any other common form.

The bottom line on avoiding this particular means of an attack by Locky is, if you click on an image and it starts to download, whatever you do, do not open the image file on your computer.

Product Review

It's not just light. Alienware's m15 is an entirely new breed of gaming laptop

Thin and light gaming is a new category of laptop, led by options like the Razer Blade. Alienware now has its own entry -- The Alienware m15. It’s not the thinnest, lightest, or sleekest option in the bunch, but it doesn’t hold back in…
Mobile

How to use Samsung’s Bixby assistant for all of your smartphone tasks

Samsung Bixby is a powerful tool, but not the most intuitive one we've encountered. Here's how to set up and use every feature of Samsung's digital assistant, as well as what to expect in the future.
Computing

Change your mouse cursor in Windows with these quick tips

The standard mouse cursor is boring, so change it! With this guide on how to change your mouse cursor in Windows, you can choose to use one of Microsoft's pre-installed cursors or download something a bit more extravagant.
Gaming

Find the perfect weapon in 'Call of Duty: Black Ops 4' multiplayer with our guide

Call of Duty: Black Ops 4 has several different guns to choose from in its multiplayer mode, and they're split across multiple classes. Here's a guide to all of them and when you should use them.
Gaming

Trash at 'Super Smash Bros. Ultimate'? Use this guide to train up and get good

Super Smash Bros. Ultimate is the biggest game in the entire series, and it can be overwhelming for newcomers not used to the universe-colliding fighting game. Here's what you need to know when you're starting.
Computing

PewDiePie supporters hack printers, hope to boost his subscription numbers

In an attempt to garner more subscribers for their favorite vlogger and secure his status as having the most YouTube subscribers, PewDiePie supporters claimed to have hacked thousands of printers worldwide.
Web

Chrome fights manipulative sites that don’t allow you to hit the back button

Have you encountered a webpage that won't let you hit the back button? Someun scrupulous websites employ what's known as history manipulation, preventing you from hitting the back button, but now Google Chrome will be fighting back.
Gaming

With our Steam guide, you can give the gift of gaming this holiday season

The holidays may have passed, but it's always a good time to give the gift of gaming (especially when there's a Steam sale)! Here's our quick guide on how to give a Steam game as a gift.
Photography

Forget painting-style transfers, this A.I. creates realistic portraits of fake people

Do these images look computer-generated? Nvidia researchers recently published a paper on a new variation on style transfer artificial intelligence that's able to generate entirely new portraits.
Computing

Leaked HP laptop listing reveals entry-level Nvidia MX250 GPU

Alongside powerful graphics cards, Nvidia may have more mobile GPUs to show off at next year's CES show in January. The MX250 has been spotted in a listing for an HP laptop, potentially replacing the entry-level MX150.
Computing

ZSpace’s laptop brings education to life with its own 3D technology

The ZSpace laptop wants to overhaul education and training by offering affordable access to 3D mixed reality through a bespoke screen and glasses technology that is already supported by a wide array of applications.
Computing

Former Microsoft intern claims Google may have sabotaged Edge browser

Google's Chrome web browser has been able to establish such dominance that Microsoft is abandoning its web rendering engine, switching Edge over to Chromium, but did Google play dirty in an attempt to force Microsoft to make the decision?
Computing

ViewSonic’s 1080p gaming monitor lets you experience the action in style

ViewSonic is catering to gamers with its latest monitor, the XG240R. Featuring a 1080p 144Hz panel, RGB lighting, and a fast 1ms response time, you can conquer your opponents and do it in style.
Computing

Here’s why you might still be using Wi-Fi after cellular 5G launches

Cellular 5G might be around the corner and promising to deliver lightning fast speeds, but the folks over at the Wi-Fi Alliance have a few reasons why they think you shouldn't dump Wi-Fi just yet.