
Beware of Image Files Spreading Ransomware on Facebook & LinkedIn

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Nov 25, 2016.

  1. The Scarlet Pimp

    from facecrooks...

    Security researchers recently discovered Locky Ransomware being spread on Facebook and LinkedIn. This new attack is being called ImageGate by Checkpoint security researchers.

    The malware is distributed by infected SVG (Scalable Vector Graphics) image and graphic files. Users are prompted to download a codec allowing them to view the file in question.

    We often warn users about avoiding malicious extensions, as they are a favorite tool of cyber criminals. It's important to note that the malware-laden images bypassed Facebook Messenger's file extension filters, according to Blaze.

    Once users open the downloaded file, the Locky ransomware becomes active. Our friends at Bitdefender have written extensively about the global ransomware threat. For those unfamiliar, ransomware encrypts all of the files on the infected system until a ransom is paid.

    In October, Locky accounted for 5% of total malware attacks making it the second most common malware attack currently circulating.

    We strongly encourage users to be suspicious of any image based files received via Facebook Messenger and LinkedIn contacts.

    It's also a good idea to avoid downloading extensions of any kind. You shouldn't need to download anything to view an image sent by a Facebook friend.

    http://facecrooks.com/Scam-Watch/Sc...-spreading-Ransomware-Facebook-LinkedIn.html/
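    An added static check (not from the post or from Check Point's research) for the SVG vector described above: it assumes, as reported for ImageGate, that the "image" carries active content such as script, event-handler attributes or outbound links, which are what push the viewer toward the fake codec download; the SVG samples are constructed.

```python
"""Static triage of SVG files: report the active-content features that let an
"image" redirect a viewer to a download prompt. Added example with constructed
samples; not the real ImageGate files."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Elements that execute code or embed foreign documents inside an SVG
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# href in SVG 2, xlink:href in SVG 1.1 (ElementTree reports it namespaced)
HREF_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}


def local_name(tag):
    # ElementTree gives namespaced names as "{uri}name"; keep only "name"
    return tag.rsplit("}", 1)[-1]


def svg_findings(svg_text):
    """Return a sorted list of 'kind:detail' strings; empty means nothing active."""
    findings = set()
    root = ET.fromstring(svg_text)  # expat does not fetch external entities
    for el in root.iter():
        if local_name(el.tag) in ACTIVE_TAGS:
            findings.add(f"tag:{local_name(el.tag)}")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):  # onload=, onclick=, ...
                findings.add(f"handler:{aname}")
            if attr in HREF_ATTRS:
                scheme = urlsplit(value.strip()).scheme.lower()
                if scheme in ("http", "https", "javascript"):  # leaves out data: images
                    findings.add(f"href:{scheme}")
    return sorted(findings)


def is_suspicious(svg_text):
    return bool(svg_findings(svg_text))


# Constructed samples: a plain drawing and one with script, a handler and an outbound link
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
    '<script>/* placeholder */</script>'
    '<a xlink:href="https://example.invalid/codec"><rect width="1" height="1"/></a>'
    '</svg>'
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, svg_findings(doc))
```

A file that trips any finding is not an image that needs a codec; quarantining it or opening it only in a viewer that does not execute script is the safe default.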
  2. Loman

    Thanks for the info. I'll be careful.
     
  3. Nut-Nights

    Fuck this Locky virus, it can destroy your important files. My desktop got infected by this virus last year; thank God I keep backups of important files.
     
  4. The Scarlet Pimp

    And that's why I run Linux! :D
  5. Taegn

    Very interesting, will have the time this weekend to properly research this - it seems they managed to combine the old Firefox bootstrapped add-on with a safe format file...
    Does it work for all browsers?
     
  6. Skyebug77

    Thanks for the reminder for everyone to stay vigilant
     
  7. mynameisfrankenstein

    Hell to the yeah
     
  8. tb303

    Back your shit up people. There's loads of free solutions to do it.

    But then, anyone who downloads some random codec because they needed it to view a picture on social media deserves everything they get.
  9. Reaver

    Out of curiosity, how did you get rid of it?

    Or did you?
     
  10. The Scarlet Pimp

    County Government Pays Ransomware Hackers To Get Files Back

    In the first three months of this year, the FBI believed that ransomware infections had netted cybercriminals more than $200 million. By the end of next month, they could have a billion-dollar year on the books.

    That’s because many ransomware victims feel like they don’t have a choice. The fear of losing precious data wins out and they cave in to their ransomers’ demands. That’s the decision the government of Madison County, Indiana reached recently.

    Madison has a population of just over 130,000 and a government that, like many businesses and organizations in the U.S., is learning a hard lesson about cybersecurity. Last week, a ransomware infection crippled the county’s computer network. According to Capt. Dave Bursten of the Indiana State Police, who spoke with WTHR, it’s been like working in the 80s: “we’re doing everything with pencil and paper.”

    Faced with the prospect of a prolonged outage, Madison officials now have a plan of action. After being advised by their insurance company to do so, Madison County is going to pay the ransom. County commissioner John Richwine didn’t disclose the amount that would be paid, but did say that he believed it to be “less than most county residents would have anticipated.” Some institutions have paid tens of thousands of dollars to get their files back.

    Could This Have Been Avoided?

    The experts’ guidance on ransomware is pretty clear: keep the software on your systems as up to date as possible. Educate yourself. Last but not least, back up your files. Back them up religiously, and keep them secure and isolated. Set up a rotation of external hard drives and disconnect them immediately when the backup has completed. Use a cloud backup service. Similar advice has been posted here on Forbes in the past.

    Madison County officials did have a backup plan, they just waited a little too long to implement it. The county’s IT director said that they were in the process of setting it up when the ransomware took hold. That’s a real shame, because a reliable backup would have allowed them to replace files that had been encrypted by the infection and go about their business.

    Paying the ransom always comes with a risk. There’s no guarantee that the decryption software the criminals provide will actually work “as advertised.” There’s also the risk of a second attack once they know that a victim is willing to pay. These are, after all, criminals using software to extort money. That’s not generally a group that deserves the benefit of the doubt.

    Then again, even the FBI has reportedly advised victims to “just pay the ransom,”

    http://www.forbes.com/sites/leemath...nt-pays-ransomware-hackers-to-get-files-back/
     
  11. Nut-Nights

    I used Malwarebytes and Norton to clean my PC, but you can't recover your corrupted files as it requires some sort of decryption software and the hacker charges you $200 to give it.
  12. tb303

    There are many variants of ransomware out there as much of the code to do it is public.

    The good news with that is some of the encryption is flawed and has been reversed. If all else fails you can try the following links.
    https://noransom.kaspersky.com/
    https://decrypter.emsisoft.com/

    You should still have backups though as there's just as many that can't be decrypted.

    In that article above the FBI's advice to just pay the ransom is old and from before the code was made public. These days I doubt paying up will get you a decryption key.
  13. The Scarlet Pimp

    Madison County paid and they got their files back...
     
  14. tb303

    indeed, and so have a few NHS hospitals in the UK. Remember these are very likely targeted attacks using spear phishing or something.

    It's not difficult for some skiddy to put together a locker from public code and stick it on a torrent. If you get encrypted by this there's a much lower chance of getting your files back by paying.

    This video shows the Facebook attack in action. As long as you don't do what he does at 0:17 you should be fine from this.