You Have a New “Friend” Request: Social Media Ransomware


Ransomware is a form of malware that allows a cybercriminal to hold your computer or device’s information for ransom. These types of attacks can be far more nefarious than your average spyware or spam, as cybercriminals typically ask for an exorbitant amount of money in exchange for the ‘key’ to access your files again. It is a growing threat that targets both individuals and corporations.

Ransomware scams on social media

Ransomware is one of the most difficult cybersecurity problems to solve. Some security firms simply recommend you pay the ransom, assuming you haven't backed up your data recently. Unfortunately, the best advice isn’t too helpful for anyone already infected: don’t get breached in the first place.

And if you pay the ransom, do you get your data back? Actually, sometimes the answer is yes. Let’s be clear -- stories abound of ransomware victims paying and not getting access. ZeroFox does NOT recommend paying the ransom; there’s simply too much uncertainty.

PhishMe revealed that 97% of phishing emails it analyzed this year contained some form of ransomware. Any other form of malware was restricted to the remaining 3%. And as we have seen time and time again, what’s true for email phishing is bound to be true for social media phishing. Social media networks are the perfect place for ransomware-based attacks to occur due to the sheer size of the audience they tap into.

In recent years, as many as 70 percent of social media scams were shared manually through people and common connections. As you know, people are more likely to click on a link or download content if it is recommended by somebody they know. Cisco reports that Facebook is now the #1 way to breach a corporate network and the #1 source of malware.

Take the Locky ransomware, for example. Locky is not particularly new -- it was released in early 2016. Locky targets PCs, exploiting a vulnerability in MS Word, and automatically changes all your files to .locky, scrambling them in the process. It sets the computer’s desktop to an image of a set of instructions for how to pay the bitcoin ransom, about $500 at the current bitcoin valuation.

Locky recently took to social media, exploiting LinkedIn and Facebook to proliferate itself. Check Point Security reported the social media ransomware exploits a vulnerability in the networks themselves to download a malicious image file laced with the ransomware. Facebook pushed back, saying the vulnerability was actually in a poorly built Chrome extension, not the social network.

Tips to protect your business from social media ransomware

Social media ransomware is a growing problem. Stay ahead of cybercriminals with these tips:

  • Don’t download and run any executable files from people who are unlikely to share something with you.
  • Keep your browser and OS up to date, and avoid downloads from suspicious sources.
  • Make daily backups of all files and store them both on-site on an external hard drive or two, and off-site in a secure cloud storage solution.
  • Finally, always have comprehensive security software and procedures in place to check social media links before clicking on them.
  • For businesses, invest in a digital risk monitoring tool like ZeroFox to identify attacks before they can take over your computer.

As much fun as it is to look at cute puppy videos and share memes on social media, just keep in mind that these sites are also havens for cybercriminals and scams like social media ransomware. Stay safe while surfing the web and keep these tips in mind, because they could save you some serious pain and cash in the future.
