A version of the Locky ransomware has been found spreading on social networks, namely Facebook and LinkedIn. Due to vulnerabilities in those sites, an infected picture file can be sent to a user, downloaded by the browser, and deployed when opened.
The malware can download itself to a user's computer by exploiting a vulnerability discovered by Check Point, an Israeli security firm. Check Point notified both companies in September, though it doesn't appear a fix has been implemented yet.
Locky encrypts a victim's files and demands payment in Bitcoin. It appeared online earlier in 2016, initially spreading via emails and other types of files. Check Point says it recently noticed a "massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign."
Users should avoid opening any auto-downloaded image files.