A new type of ransomware is targeting users through their social media accounts, most notably through Facebook and LinkedIn, before doing what ransomware does: locking the computer and demanding payment for access–in bitcoin.
Dubbed ImageGate by software company Check Point, the malware embeds itself into image or graphic files on social media networks; files that users who visit the site are deliberately forced to download. Social networks such as Facebook are reportedly ill-equipped to deal with this type of image-based fraud, as opposed to attacks that come through the operating system, for example.
Once on the user’s device, it’s time to pay up—in bitcoin, a favorite digital currency for those who prefer security and semi-anonymity for their online transactions. Previous generations of ransomware have favored cryptocurrency before, bitcoin’s structure being (unfortunately) ideal for online crime.
Still, while exacting ransom in a semi-anonymous, secure currency where settlement and payment are the same action due to the way blockchain works most certainly has its benefits, it is worth noting that the segment of the global population that uses any form of cryptocurrency, much less bitcoin, on the regular is much, much, much smaller than the segment of the global population that doesn’t use it at all.
Ransomware as a gateway to bitcoin usage?… Hmmm. Is ransomware demanding bitcoin as it did in days of old a good sign for the embattled cryptocurrency? Certainly blockchain euphoria is on the downswing as high-flying R3CEV’s recent stumbles indicate.
However, avoiding ransomware (whether it forces consumers to pay in a virtual or a fiat currency) is one thing; avoiding other pitfalls, like attacks by a Mirai botnet–the type of attack that took down top sites like Twitter and PayPal earlier in the year by exploiting vulnerabilities in IoT devices, and which can now be rented for all of one’s hacking needs–is quite another.
“In 2017 we will see a wide and broad-spread adoption of biometrics, because of a confluence of a number of different trends,” says Toby Rush, CEO and founder of biometric security firm EyeVerify, which is partnered with Alibaba, the parent company for AliPay. “One is that we are now doing things on our phones that we weren’t doing three years ago, which increases the need for better security.”
As previously reported, biometrics do have some kinks to work out, but leveraging technology for better security certainly seems to be the goal. Consumers could also implement a solution like Civic’s secure ID, which is working on replacing identifiers like the social security number.
In any case, with this malware and the vulnerabilities in IoT devices currently being exploited, it certainly seems that the future of hacking has arrived. Not all of us are happy about it.