A New Domino: Ransomware on Social Media

We’ve written a fair amount about the consistent threat ransomware poses to your business, and that’s because it’s a constantly shifting threat worthy of frequent updates. Once you think you have one attack method under wraps, another one pops up. It’s a lot like trying to plug holes in a leaky dam, desperately trying to prevent the whole thing from collapsing.

Unfortunately, recent news has raised the specter of a new threat, one which could potentially have wide-reaching effects on your business.

Social Media Threats

Healthcare Info Security recently reported some less than ideal news: ransomware may have been found on Facebook.

Facebook has disputed this claim, but reports are showing that a malicious image file is being spread through the Facebook Messenger service. If a user receives this message and clicks on the image, they are taken to a new browser presenting a YouTube look-alike site. The user will then be prompted to download data that will allow them to view the video. All they’ll download is a worm that will go through their Facebook contacts and start this process again.

Others have found that this file can also force the “Locky” ransomware onto user’s computers, which encrypts all the files on a computer and holds them for ransom. Along with this initial news, other sources have tested and found that this method of attack could affect LinkedIn as well.

Continued Spread

Facebook has gone as far as releasing a statement denying this connection, but they also blocked the extensions being reported to Google that analysts were finding on their Messenger service.

Though the spread of ransomware to social media sites may not be an immediate concern, the fact that these defenses are being tested is concerning. Organizations across all fields already train employees on appropriate internet usage, letting them know what suspicious sites look like and what links they should avoid in emails. Social media has, for the most part, been clear of these kinds of threats. This recent news points to a future in which this is not the case.

In the past, ransomware has mainly been sent through email. Usually, people can tell when a friend’s email is hacked. The subject line may look off or the tone might be completely different from what someone might send normally through email, which tends to be a more formal communication method. Messages on social media are different. If a friend of an employee is hacked and sends the attack detailed above to your employee, chances are they’ll click it. They’ll trust it.

This news presents a good time to refresh your employees on best practices. Ask them to limit their social media usage if it doesn’t directly tie into their job roles or instead use their mobile devices. Stress what suspicious links look like and encourage them to follow up with senders before clicking,  verify its real and not just a hack.

Ransomware is constantly expanding, but by remaining vigilant you can severely limit its effect on your business.