Locky Ransomware Spreads Through Facebook Messenger

Locky Ransomware Maneuvers Past Facebook Security

Locky ransomware has wormed its way past the security features of Facebook Messenger. The malware is currently being spread by a malicious image link being sent through the messaging feature of the popular social media platform. Reports suggest Facebook is working to fix the issue.

The attack starts with an image download sent through Messenger. Users who click the image download are taken to a website that looks like YouTube, where they are prompted to install a malicious Google Chrome extension. According to Neowin, this malicious extension has been removed.

However, the problems don’t stop there. According to Peter Kruse, a colleague of the individual who originally found the malicious content, in certain instances the file also included the ransomware variant Locky, delivered through a Nemucod downloader. Fortunately for PC Matic users, the Locky variant would not be allowed to execute, as long as the user has SuperShield enabled. Devin Bergin, product manager and malware researcher for PC Matic, made the following statement regarding the attack via the Nemucod downloader:

“This sounds like a typical downloader, similar to one that would run in a Word macro. The downloader installs with JavaScript. Then it reaches out to a command and control server and downloads the Locky exe and executes it. SuperShield would block the Locky exe when it tried to execute.”

As a PC Matic subscriber, it is important to ensure SuperShield protection is enabled. You may do so by right-clicking the shield icon in the bottom right corner of your screen, in the taskbar next to the clock. Then confirm there is a check mark by “SuperShield Protection”.

For users who are not protected with PC Matic, you may click here to learn more about our advanced protection.
