Skip to main content

Beware of new image files you didn’t download: They may launch ‘Locky’ ransomware

locky ransomware self downloading image files hacker  hacking symbol
www.elbpresse.de
If you see a new image or graphic file on your computer that you don’t recall downloading, do not open it. The Locky ransomware program has moved on from MS Office Word to Facebook and LinkedIn vulnerabilities, and is now putting files on your computer that can lock you out of your data, according to Ars Technica.

Earlier this year Locky arrived on computers via a “malicious macro” in a Word document. In the last week, however, Ars Technica quotes Israeli security company Check Point reporting a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”

Typically what happens is that when you click on an image thumbnail, rather than displaying the image in a separate window, the file automatically downloads. It would be natural for most people to then click on the downloaded image — and that’s what executes the Locky code and immediately locks up all your files and demands ransom.

Vulnerabilities in Facebook and LinkedIn have been exploited by the perpetrators of the Locky attack, according to Check Point. “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end user clicks on the downloaded file.”

When Locky is activated on your computer the ransomware locks you out of your files. The only way to retrieve your data is by paying a ransom, hence the term ‘ransomware.’ Ars Technica reports the current ransom to unlock a user’s computer is about half a bitcoin, or $365.

Check Point stated it previously informed Facebook and LinkedIn of the vulnerability currently being used in the ransomware attack, but won’t make the details public until those social media and other major sites fix the security flaw.

The security firm’s recommendations to consumers are: “If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file. Don’t open any image file with unusual extension (such as SVG, JS or HTA).” Note, however, that the file extension could also be JPG, PNG, or any other common form.

The bottom line on avoiding this particular means of an attack by Locky is, if you click on an image and it starts to download, whatever you do, do not open the image file on your computer.

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Best MSI gaming laptop deals: Save on the Bravo, Delta and Stealth
MSI GT77 Titan (2023) playing Cyberpunk 2077.

MSI makes some of the best high-end gaming laptops on the market. Their Bravo and Delta line are great for gamers on a budget, while the impressive Stealth line is here for people looking for a powerhouse mobile gaming system. Thankfully everything from the budget laptops to the professional rigs is on sale right now, so you can save hundreds on a prebuilt gaming laptop with impressive specs. Our picks for the best MSI gaming laptop deals are below.
MSI Bravo 15 -- $800, was $1,000

The MSI Bravo is a good starting place if you're just getting into the world of PC gaming. It has quality components, but nothing too flashy or expensive. It's compact at just 15.6-inches, but the screen still has a 144Hz refresh rate and 1080p resolution. The main money saver is in the AMD Ryzen 5 processor. The graphics card is an impressive Nvidia GeForce RTX 4050, which is where most of the budget goes. It skimps a bit on memory, with a standard 16GB of RAM but only 512GB of storage on its SSD.

Read more
As an enthusiast, these are the apps every PC needs to have
A gaming PC with RGB synced lights running Apex Legends.

I've written about PC hardware for several years, and I proudly wear the badge of "enthusiast." But for as fun and interesting as the hardware is, no high-end PC is complete without the proper software.

Over my years of building PCs and tweaking hardware, I've cultivated a list of software that I need to install on every device I use. Here's what I install on every PC I build or test.
Afterburner
MSI

Read more
Nvidia’s RTX 5090 might completely run AMD into the ground
RTX 4090.

Nvidia's best graphics card might reach new heights in the next generation of GPUs -- or at least that's what a reputable leaker implies. The RTX 4090 already delivered a massive generational uplift, and we're looking at something similar, or even better, with the future RTX 5090. It all comes down to a ridiculously large memory bus and a huge increase in CUDA cores. But does Nvidia really need all that juice to compete with AMD?

Today's round of tantalizing leaks comes from a well-known source in the GPU space, kopite7kimi, who released some speculation about the possible architecture of the GB202 chip, which would be the Blackwell counterpart to the AD102. There's a bit of math involved.

Read more