Skip to main content

Beware of new image files you didn’t download: They may launch ‘Locky’ ransomware

locky ransomware self downloading image files hacker  hacking symbol
www.elbpresse.de
If you see a new image or graphic file on your computer that you don’t recall downloading, do not open it. The Locky ransomware program has moved on from MS Office Word to Facebook and LinkedIn vulnerabilities, and is now putting files on your computer that can lock you out of your data, according to Ars Technica.

Earlier this year Locky arrived on computers via a “malicious macro” in a Word document. In the last week, however, Ars Technica quotes Israeli security company Check Point reporting a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”

Recommended Videos

Typically what happens is that when you click on an image thumbnail, rather than displaying the image in a separate window, the file automatically downloads. It would be natural for most people to then click on the downloaded image — and that’s what executes the Locky code and immediately locks up all your files and demands ransom.

Please enable Javascript to view this content

Vulnerabilities in Facebook and LinkedIn have been exploited by the perpetrators of the Locky attack, according to Check Point. “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end user clicks on the downloaded file.”

When Locky is activated on your computer the ransomware locks you out of your files. The only way to retrieve your data is by paying a ransom, hence the term ‘ransomware.’ Ars Technica reports the current ransom to unlock a user’s computer is about half a bitcoin, or $365.

Check Point stated it previously informed Facebook and LinkedIn of the vulnerability currently being used in the ransomware attack, but won’t make the details public until those social media and other major sites fix the security flaw.

The security firm’s recommendations to consumers are: “If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file. Don’t open any image file with unusual extension (such as SVG, JS or HTA).” Note, however, that the file extension could also be JPG, PNG, or any other common form.

The bottom line on avoiding this particular means of an attack by Locky is, if you click on an image and it starts to download, whatever you do, do not open the image file on your computer.

Bruce Brown
Bruce Brown Contributing Editor   As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…
Presidents’ Day Dell Deals: XPS, G16, monitors and more on sale
The Dell XPS 14 open on a wooden table.

Presidents' Day is a nice three-day reprieve from work, and it's also a nice excuse to do some shopping. And Dell is certainly ready, with business laptops, monitors, and more discounted on their website and across Amazon. We've picked out our favorite deals, largely from the best Dell products out there -- and products we've personally reviewed or have hands-on experiences with. Here, we present that list to you so you can get some of the best laptop deals and monitor deals around. Remember that as these deals are coming out around the Presidents' Day holiday (though not all of them have explicit "Presidents' Day" markings) they very well might end soon, so plan your purchases accordingly.
Dell S2425HS Monitor — $110 $140 21% off

This sleek monitor with a modern look has integrated speakers, a 100Hz refresh rate, and a 4-star TÜV Rheinland eye comfort rating. The 24-inch Dell S2425HS is a great second monitor for your home office or second study. You won't find many monitor deals with a price lower than the starting price of $140 that this one sports, much less the reduced $110.

Read more
1Password vs. NordPass: which password manager is best in 2025?
1Password and NordPass reviews appear beside one another on a PC monitor.

1Password and NordPass are among the most popular and best password managers available. Both offer significant improvements over the built-in solutions you get from Microsoft, Apple, and Google, making it hard to choose between them.

I've reviewed the latest versions of 1Password and NordPass in 2025 and can share some insights into the differences and compare prices to help you discover which offers the best value for you.
Specs

Read more
This iBuyPower gaming PC with RTX 4060 is under $1,000 — for now
The iBUYPOWER Trace 7 Mesh gaming desktop on a white background.

Gaming PC deals worth buying still usually cost more than $1,000 after the discounts, but here's an offer from Best Buy that's available for a more affordable price. The iBuyPower Trace 7 Mesh, which is originally sold for $1,300, is down to just $900 following a $400 discount. We're not sure how much time is remaining before this bargain ends, so if you're interested in this gaming desktop, you need to push forward with your purchase immediately if you want to secure the savings.

Why you should buy the iBuyPower Trace 7 Mesh gaming PC
The iBuyPower Trace 7 Mesh is a relatively affordable gaming PC, but it doesn't sacrifice much in terms of performance. It runs on the AMD Ryzen 7 5700 processor and the Nvidia GeForce RTX 4060, which is in our list of the best graphics cards as our recommendation for 1080p gaming. It has 16GB of RAM, which is the best place to start for a gaming PC, according to our guide on how much RAM do you need. With these components, you won't have trouble playing the best PC games, though you'll have to go with medium settings for the more demanding titles.

Read more