There is a deadly ransomware being spread via Facebook Messenger that you need to be aware of. The dangerous malware is being deployed through a Scalable Vector Graphics (SVG) image file that links users to a fake YouTube site.
On the fake site, victims are prompted to install a Chrome extension, Nemucod. The Nemucod extension is actually a stealthy malware downloader. Once installed in your browser, the extension downloads the dangerous Locky ransomware.
Just how dangerous is the Locky Ransomware?
Security experts describe Locky ransomware as one of the most destructive strains of ransomware currently out there; its encryption key has not yet been cracked. When it infects your computer, it encrypts all important files and locks you out of them. Your only options are to pay up (in Bitcoins), format your system and restore your files from a backup (the importance of regular backups cannot be emphasized enough), or format your system and start from scratch again.
The Locky ransomware mainly targets businesses and corporations, but you should be careful even if you don't fall under these categories. That means whenever you are accessing Facebook Messenger, especially while at work, you need to be extra careful. Once Locky gets into your system, it will cripple the entire office: it spreads through the local office network, infiltrating servers and removable drives and locking up all important files.
Facebook Messenger phishing replacing Email phishing
Traditionally, such cyber-attacks have been spread through email phishing scams. Locky, however, is spreading through social networks like Facebook and LinkedIn, where an SVG image file linked to a fake YouTube site is passed around.
Facebook has made a statement acknowledging that Messenger has been linked to the spread of this destructive ransomware. Facebook further explained that Messenger is being used as a means of directing users to install the Chrome extension Nemucod.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not, in fact, installing Locky malware, rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties,” read a statement by a Facebook spokesperson.
According to Bart Blaze, the researcher credited with discovering the Locky ransomware campaign, the Nemucod extension downloads other malware as well.
You are advised not to click on image files with links sent to you on Messenger, even from trusted Facebook friends; their account could have been compromised, and the message sent without their knowledge.
If you do happen to click the SVG file sent to you on Messenger and find yourself on the fake YouTube site, DO NOT under any circumstances go to the Chrome extension page to install Nemucod on your system.
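For anyone who filters attachments before they reach users, the SVG delivery described above can be checked mechanically, because SVG is XML and can carry links and active content. The following is an added example, not code from the article or from Facebook; it goes beyond the linked-image case to flag anything that makes an SVG more than a static picture, and the function name, finding labels and sample files are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

def local(name):
    """Strip the XML namespace from a tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()

def audit_svg(svg_text):
    """Return a sorted list of findings that make an SVG more than a static image."""
    # Conservative choice: refuse DTDs and entities outright. A plain image
    # does not need them, and they enable entity-expansion against the parser.
    upper = svg_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        if tag == "foreignobject":  # can embed arbitrary HTML
            findings.add("foreign-object")
        for attr, value in el.attrib.items():
            aname = local(attr)
            if aname.startswith("on"):  # onload, onclick, ...
                findings.add("event-handler:" + aname)
            if aname == "href":  # covers both href and xlink:href
                url = urlparse(value.strip())
                if url.scheme.lower() in ("http", "https"):
                    findings.add("external-link:" + url.netloc)
                elif url.scheme.lower() in ("javascript", "data"):
                    findings.add("active-uri:" + url.scheme.lower())
    return sorted(findings)

# Constructed samples (not taken from the campaign): one SVG with active
# content and an off-site link, one that only draws a shape.
SAMPLE_BAD = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="go()">
  <script>function go(){}</script>
  <a xlink:href="https://video.example.invalid/watch"><circle r="5"/></a>
</svg>"""
SAMPLE_OK = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    print(audit_svg(SAMPLE_BAD))
    print(audit_svg(SAMPLE_OK))
```

An empty result means the file only draws; any finding is a reason to quarantine the attachment or serve it as a download rather than render it in the browser.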