Beware of images posted in Facebook Messenger

Don’t automatically click on images in Facebook Messenger. Doing so could unleash a devastating ransomware attack on your organization. Locky has increasingly targeted healthcare organizations in recent months, typically via fake email phishing scams. Earlier this week, a warning was released that it is now being deployed through Facebook Messenger.

One of the most virulent strains of ransomware, Locky can spread through local network shares, file servers and removable drives, locking all sensitive files in its path. Victims are forced to pay a ransom or restore from a backup to recover their files. On that note, Privaplan consultant Ron Bebus recommends that you always make sure that you have backups on an independent system that can’t be corrupted by ransomware.

The potential of attacks through Facebook Messenger was first discovered on November 20 by malware researcher Bart Blaze, and confirmed by Peter Kruse, another researcher that specializes in internet-based crime and malware.

According to several reports, the attack is launched through a Scalable Vector Graphic (SVG) image file that directs to a website that looks like YouTube, but it’s hosted on a completely different URL. This fake site then prompts the victim to install a Chrome extension that is actually a malware downloader called Necumod, which would be used to download the Locky ransomware.

In response, Facebook has confirmed that there are Nemucod infections spreading through Facebook Messenger, although they are not massively spreading Locky as initially reported. Even so, opening an image could still wreak havoc of varying degrees within your organization.

It’s a good time to remind your colleagues to never download attachments from unknown people, or open attachments that look like an image but contain an unusual filename extension. This goes for emails and, even more so today, with social media platforms such as Facebook and LinkedIn because cyber-criminals are constantly looking for new ways to perform their wicked work.

Want to know more about protecting your data? Let PrivaPlan help. For more information or other services PrivaPlan provides, contact our HIPAA experts at or call 877-218-7707.

Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.