Ransomware-infected images spreading quickly on Facebook and LinkedIn

A relatively low-tech take on ransomware delivery has worried security researchers this week, following the discovery that a new attack method is being exploited across Facebook and LinkedIn.

It’s not the first time the Locky ransomware has popped up – it’s been around since the end of 2015 in one form or another – but it’s the first time that researchers have seen the malware delivered to victims in this way.

According to CheckPoint Security, images carrying the Locky ransomware are infecting users on Facebook and LinkedIn: browsing an infected image automatically downloads a file to the victim’s computer. The inquisitive user then clicks on the file to find out what it is, which activates the ransomware. Users are then asked to pay around half a bitcoin (around £300 currently) to unlock their files and regain normal access to their computer.

The best way to avoid falling victim to this particular scam is never to open any files that you didn’t intend to download, and particularly never to open files that download with unusual extensions like SVG, JS or HTA.

If the worst happens, and you do end up with all your files encrypted by an attacker, it seems there are, in many cases, few alternatives to wiping your computer and starting again, or paying the ransom. The threat does also serve as just one more good reason to always keep your most important files backed up to a separate location.

The researchers said they’ve told Facebook and LinkedIn about the problem, with a Facebook spokesperson issuing us with the following statement:

“This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for several days. We also reported the bad browser extensions to the appropriate parties.”
