Facebook Posts being used to Spread Ransomware

By Declan Dunn, TechViews.org

Ransomware has been the fastest growing cybercrime of the year. The FBI says cybercriminals could rake in almost $1 billion from these attacks in 2016 alone.

This ransomware attack is being deployed through Facebook Messenger. What’s worse is that it’s a form of Locky ransomware, for which there is no decryption program.

Once a computer is infected, it locks and encrypts important files in exchange for a ransom payment, often with the use of Bitcoin as a currency. Since there are no decryption tools available, victims will have to pay the ransom or restore from a backup to recover their files.

If you are accessing Facebook Messenger at work, be extra vigilant since Locky is particularly devastating in the workplace. Traditionally deployed via fake email phishing scams, it has victimized hospitals, government offices, schools and businesses all over the world. It can totally cripple an entire office by spreading through local network shares, file servers, and removable drives, locking all sensitive files in its path.

Here is what you need to watch out for with this ransomware attack:

People are receiving strange messages through Facebook Messenger that only contain an image. It looks like a photo is sent as an attachment that you need to click on to view.

The photo is actually a Scalable Vector Graphics (SVG) file. It’s not a real photo; instead, it’s a JavaScript attack.

The fake photo ends in .svg. 

If you try opening this file, you will be redirected to a fake YouTube site with a video from Facebook.

You will then be asked to install a Chrome extension so that you can watch the video. Warning! Aside from stealing Facebook credentials, this malicious Chrome extension is likely downloading other malware, not just Locky, to infected machines. It is vital that you remove this Chrome extension immediately.

What you should do

  • Do not click on an SVG file – If you get one of these messages through Facebook Messenger, do not click on the photo.
  • Warn your friends – If you get a message with the SVG file, more than likely your friend has been hacked. Let them know immediately so they can warn others not to click on the malicious link.
  • Deny Chrome Extension – If you do click on one of these SVG files by mistake, you still have time to avoid the ransomware. When you are directed to the fake YouTube site and are asked to install the Chrome Extension, do NOT do it.

  • Remove the extension – If you went as far as installing this malicious extension, remove it immediately. Here are the steps to remove it:

    • On your browser, click Menu.
    • Select More Tools >> Extensions.
    • On the extension you want to remove, click Remove from Chrome. It’s the button that looks like a trash can.
    • A notice to remove the extension will appear. Click Remove.

These types of attacks become extra dangerous when mixed with one of the most popular sites in the world. That is what makes this new ransomware attack, which is spreading through a Facebook app, so horrifying.

So be extra vigilant and be wary of any files sent to you via Facebook Messenger, even from a trusted friend.

