Trusted Reviews may earn an affiliate commission when you purchase through links on our site. Learn More

Ransomware infected images spreading quickly on Facebook and LinkedIn

A relatively low-tech take on ransomware delivery has worried security researchers this week, following the discovery that a new attack method is being exploited across Facebook and LinkedIn.

It’s not the first time the Locky ransomware has popped up – it’s been around since the end of 2015 in one form or another – but it’s the first time that researchers have seen the malware delivered to victims in this way.

According to CheckPoint Security, images infected with the Locky ransomware are infecting users on Facebook and LinkedIn by automatically downloading a file to the victim’s computer if they browse an infected image. The inquisitive user then clicks on the file to find out what it is, which activates the ransomware. Users are then asked to pay around half a bitcoin (around £300 currently) to unlock their files and regain normal access to their computer.

The best way to avoid falling victim to this particular scam is to never open any files that you didn’t intend to download, and particularly never to open files that download wiht unusual extensions like SVG, JS or HTA.

If the worst happens, and you do end up with all your files encrypted by an attacker, it seems there are, in many cases, few alternatives to wiping your computer and starting again, or paying the ransom. The threat does also serve as just one more good reason to always keep your most important files backed up to a separate location.

The researchers said they’ve told Facebook and LinkedIn about the problem, with a Facebook spokesperson issuing us with the following statement.

“This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for several days. We also reported the bad browser extensions to the appropriate parties.”

Related: This Pokémon Go ransomware poses as a Windows 10 app

Watch The Refresh: The best tech gossip and reviews every week

Have you ever been the victim of ransomware? Let us know in the comments below!

Unlike other sites, we thoroughly review everything we recommend, using industry standard tests to evaluate products. We’ll always tell you what we find. We may get a commission if you buy via our price links. Tell us what you think – email the Editor