An insidious form of ransomware has spread from Microsoft Word to social media. The new type of malware known as Locky first started as a macro that executes from within Word.
While Microsoft disables macros by default, some people have this process enabled. In such cases, a macro disguised as the banking software Dridex will open itself. Its next step is to download Locky to your computer.
Once this happens, your computer is unusable until you pay the ransom. As of December 2016, the ransom is $365 (half a bitcoin).
Palo Alto Networks claims that it discovered 400,000 sessions that use the type of macro application targeted by Locky. Kevin Beaumont, a cybersecurity expert who wrote about Locky in the news outlet Digital Trends, stated that computers within an organization that are victimized by this software will probably have to be rebuilt “from scratch.”
The coders behind Locky expanded its reach to exploit vulnerabilities in LinkedIn and Facebook. In fact, the Israeli cybersecurity company Check Point told Ars Technica that Locky ransomware has massively spread through social media.
The ransomware is disguised in an image thumbnail. If you click on it, it then downloads rather than open in a separate window. Many people automatically click the downloaded image. Doing so locks up your files and demands a ransom payment to regain access.
The perpetrators succeeded in embedding malicious code within an image file and then upload it to a social media website. They exploit a current misconfiguration that deliberately forces people to download the file.
Check Point strongly recommends not clicking on an image that has automatically downloaded to your computer. The company has informed LinkedIn and Facebook about the vulnerability, but will not publicize the details until the sites fix the flaw.