Top Story: Watch out! Facebook spreading ransomware!
Top Story: Watch out! Facebook spreading ransomware! | Komando.com
Ransomware has been the fastest growing cybercrime of the year. The FBI says cybercriminals could rake in almost $1 billion from these attacks in 2016 alone. Yikes!
These types of attacks become extra dangerous when mixed with one of the most popular sites in the world. That makes this new ransomware attack that is spreading through a Facebook app so horrifying.
Ransomware is quickly becoming the common cybercriminals favorite method of attack. That's because it is easy to mass deploy, payoffs can be massive, and with the use of Bitcoin as currency, payment exchanges can be virtually anonymous.
We've just learned of a ransomware attack that is being deployed through Facebook Messenger. What's worse is that it's a form of Locky ransomware, which has no decryption program to get rid of it. We've warned you before of the dangers of Locky ransomware.
What to watch out for Here is what you need to watch out for with this ransomware attack:
People are receiving strange messages through Facebook Messenger that only contain an image. It looks like a photo is sent as an attachment that you need to click on to view. The fake photo ends in .svg.
The photo is actually a Scalable Vector Graphic (SVG) file. It's not a real photo; instead, it's a JavaScript attack.
If you try opening this file, you will be directed to a fake YouTube site with a video from Facebook. You will then be asked to install a Chrome extension so that you can watch the video.
Warning! This Chrome extension is malicious and could install malware onto your gadget. The malicious downloader is known as Necumod, which would be used to download the Locky ransomware.
What you should do
Do not click on an SVG file - If you get one of these messages through Facebook Messenger, do not click on the photo.
Warn your friends - If you get a message with the SVG file, more than likely your friend has been hacked. Let them know immediately so they can warn others not to click on the malicious link.
Deny Chrome Extension - If you do click on one of these SVG files by mistake, you still have time to avoid the ransomware. When you are directed to the fake YouTube site and are asked to install the Chrome Extension, do NOT do it.
On your browser, click menu.
Select More Tools >> Extensions.
On the extension you want to remove, click Remove from Chrome.
A notice to remove the extension will appear. Click Remove.
Remove the extension - If you went as far as installing this malicious extension, remove it immediately. Here are the steps to remove it:
On your browser, click Menu.
Select More Tools >> Extensions.
On the extension you want to remove, click Remove from Chrome. It's the button that looks like a trash can.
A notice to remove the extension will appear. Click Remove.
Protect your gadget with internet security software
To catch ransomware before it's too late, we recommend powerful internet security software. has developed an effective tool against ransomware infections called System Watcher. System Watcher is available on all of Kaspersky Lab's main products like Kaspersky Anti-Virus, Kaspersky Internet Security, and the ultimate in computer security, Kaspersky Total Security. will protect up to five of your devices including PCs, Macs, Android, and even iOS devices. It safeguards your money, privacy, identity, and data from all the current and emerging computer threats including ransomware.
Top Story: Watch out! Facebook spreading ransomware! | Komando.com
Ransomware has been the fastest growing cybercrime of the year. The FBI says cybercriminals could rake in almost $1 billion from these attacks in 2016 alone. Yikes!
These types of attacks become extra dangerous when mixed with one of the most popular sites in the world. That makes this new ransomware attack that is spreading through a Facebook app so horrifying.
Ransomware is quickly becoming the common cybercriminals favorite method of attack. That's because it is easy to mass deploy, payoffs can be massive, and with the use of Bitcoin as currency, payment exchanges can be virtually anonymous.
We've just learned of a ransomware attack that is being deployed through Facebook Messenger. What's worse is that it's a form of Locky ransomware, which has no decryption program to get rid of it. We've warned you before of the dangers of Locky ransomware.
What to watch out for Here is what you need to watch out for with this ransomware attack:
People are receiving strange messages through Facebook Messenger that only contain an image. It looks like a photo is sent as an attachment that you need to click on to view. The fake photo ends in .svg.
The photo is actually a Scalable Vector Graphic (SVG) file. It's not a real photo; instead, it's a JavaScript attack.
If you try opening this file, you will be directed to a fake YouTube site with a video from Facebook. You will then be asked to install a Chrome extension so that you can watch the video.
Warning! This Chrome extension is malicious and could install malware onto your gadget. The malicious downloader is known as Necumod, which would be used to download the Locky ransomware.
What you should do
Do not click on an SVG file - If you get one of these messages through Facebook Messenger, do not click on the photo.
Warn your friends - If you get a message with the SVG file, more than likely your friend has been hacked. Let them know immediately so they can warn others not to click on the malicious link.
Deny Chrome Extension - If you do click on one of these SVG files by mistake, you still have time to avoid the ransomware. When you are directed to the fake YouTube site and are asked to install the Chrome Extension, do NOT do it.
On your browser, click menu.
Select More Tools >> Extensions.
On the extension you want to remove, click Remove from Chrome.
A notice to remove the extension will appear. Click Remove.
Remove the extension - If you went as far as installing this malicious extension, remove it immediately. Here are the steps to remove it:
On your browser, click Menu.
Select More Tools >> Extensions.
On the extension you want to remove, click Remove from Chrome. It's the button that looks like a trash can.
A notice to remove the extension will appear. Click Remove.
Protect your gadget with internet security software
To catch ransomware before it's too late, we recommend powerful internet security software. has developed an effective tool against ransomware infections called System Watcher. System Watcher is available on all of Kaspersky Lab's main products like Kaspersky Anti-Virus, Kaspersky Internet Security, and the ultimate in computer security, Kaspersky Total Security. will protect up to five of your devices including PCs, Macs, Android, and even iOS devices. It safeguards your money, privacy, identity, and data from all the current and emerging computer threats including ransomware.