Home > News > Ransomware Spreading via Images on Social Networks

Ransomware Spreading via Images on Social Networks

Locky is ransomware which is embedded in jpegs and other images.


An Israeli security firm called Checkpoint has dubbed a new outbreak of ransomware as “ImageGate”. They’re now warning of dangerous malware which spreads through social media platforms as images that lock your computer when clicked. The software responsible is called “Locky” and was discovered earlier this year. It encrypts the user’s files and then demands a ransom in order to unlock them again. The price being demanded for a key is 0.5 bitcoins, valued at roughly $365.

It was reported by Hacker News earlier this week that a Facebook spam campaign was spreading Locky through .svg files; something which Facebook denied. Now Checkpoint is saying that the malicious software is being spread through multiple file formats on multiple social media platforms, including Facebook and Linkedin. The security firm says social media sites are being targeted because they’re usually white-listed.

“The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.” said Checkpoint in a statement. Once the malicious file has been opened, every folder on your computer will appear empty except for a text file which directs the user to servers on the anonymising Tor network where the user can make a payment.

Checkpoint says they warned Facebook and Linkedin of the ImageGate threat back in September, but so far, the platforms seem to have been unable to stop the spread. As such, users need to remain vigilant. If you click on an image and it downloads automatically, do not open it. Any social media site should be able to display a picture without downloading anything. If you do happen to download a file, even one you assume to be harmless, be weary of file formats like .svg, .js or .hta

The security firm has also released a video shedding some more light on how Locky works, which you can see below.


source: Checkpoint

David F.
A grad student in experimental physics, David is fascinated by science, space and technology. When not buried in lecture books, he enjoys movies, gaming and mountainbiking

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Read previous post:
Top 3 Lenses for Portrait Photography

Let's face it, there isn't much landscape or scenery to shoot at in Singapore. All you have are high-rise buildings...