Locky is hidden inside an image file on Facebook and LinkedIn at the moment, and its takeover is simple: you get prompted to download a file, or the file automatically downloads, and once you click on the image, Locky is loose in your files. Currently the ransom is half a Bitcoin to get your stuff back, which at current exchange rates is over $300. But, as you can see, it’s pretty easy to avoid.
First, of course, is the fundamental rule of all computer use: Back up your stuff. Put anything not sensitive on cloud storage, and anything you need but don’t want online tucked away in a thumb drive. This is something you should be doing anyway, but if you fall victim to ransomware, it’ll let you just wipe the drive and get back to what you were doing. Secondly, don’t open image files from people you don’t know, and especially don’t open anything that downloads automatically that you don’t trust the source. In the case of Locky, a big red flag is that it’s a more obscure image file format, like SVG or HTA. If it’s not a .JPG or a .PNG, it’s probably worth asking where this file came from in the first place.
As usual with these controversies, we’ll remind you that your common sense will always be your first line of defense. If something feels weird, for any reason, online, then just close the window, hit the back key, or otherwise walk away. Long-term, it’s better for your wallet, and your peace of mind.