Latest Ransomware Scheme: Cyber Criminals Are Mailing Out USB Drives That Install Malware

Cybercriminals continue to innovate at an alarming rate. The latest scheme is to mail out USB drives that install malware onto your device when they are plugged in (source). 

In the latest scheme, the mailed USB drives carry so-called ‘BadUSB’ attacks. In this case, the package contained a letter impersonating the US Department of Health and Human Services and presented the drive as a COVID-19 warning. In other instances, the package claimed to come from Amazon and included an Amazon gift card. 

What does ‘BadUSB’ mean, and how does it work?

Essentially, BadUSB exploits the flexibility of the USB standard: the firmware of an ordinary USB drive can be reprogrammed so that the device emulates a keyboard and injects keystrokes and commands into the computer. When the drive is plugged in, it registers itself as a keyboard device, and the computer trusts it the way it trusts any keyboard, which gives the attacker an entry point. In this way it can install malware before the operating system reboots, or, in other variants, it masquerades as a network adapter and redirects the computer's traffic.
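A defender can look for exactly the behaviour described above: a device that enumerates as removable storage and at the same time registers a keyboard (HID) interface. The script below is an added example, not code from the original post; it runs over constructed Linux kernel log lines in the usual dmesg format (device names, vendor and product IDs and ports are made up) and flags any USB port on which both a mass-storage interface and an input device appear.

```python
import re
from collections import defaultdict

# Constructed sample of Linux kernel (dmesg) lines for two USB devices.
# Port 1-2 is an ordinary flash drive. Port 1-1 exposes a mass-storage
# interface AND registers an input (keyboard) device, the BadUSB pattern.
SAMPLE_LOG = """\
usb 1-1: new high-speed USB device number 3 using xhci_hcd
usb 1-1: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
usb 1-1: Product: USB Flash Disk
usb-storage 1-1:1.0: USB Mass Storage device detected
input: USB Flash Disk as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.1/0003:1234:5678.0001/input/input12
usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
usb 1-2: Product: Cruzer Blade
usb-storage 1-2:1.0: USB Mass Storage device detected
"""

# Kernel messages carry the bus-port id (e.g. "1-1") for every interface of a
# device, so the same id lets us correlate storage and input registrations.
STORAGE_RE = re.compile(r"^usb-storage (?P<port>\d+-[\d.]+):\d+\.\d+: USB Mass Storage")
INPUT_RE = re.compile(r"^input: (?P<name>.+?) as /devices/.*/usb\d+/(?P<port>\d+-[\d.]+)/")
PRODUCT_RE = re.compile(r"^usb (?P<port>\d+-[\d.]+): Product: (?P<name>.+)$")


def find_badusb_candidates(log_text):
    """Return {port: product} for USB devices that register both a mass-storage
    interface and an input (HID) device. A genuine flash drive never needs an
    input interface, so the combination is worth an alert on its own."""
    roles = defaultdict(set)
    products = {}
    for line in log_text.splitlines():
        if m := STORAGE_RE.match(line):
            roles[m["port"]].add("storage")
        elif m := INPUT_RE.match(line):
            roles[m["port"]].add("input")
        elif m := PRODUCT_RE.match(line):
            products[m["port"]] = m["name"]
    return {port: products.get(port, "?")
            for port, seen in roles.items() if {"storage", "input"} <= seen}


if __name__ == "__main__":
    for port, product in find_badusb_candidates(SAMPLE_LOG).items():
        print(f"ALERT: port {port} ({product}) exposes storage and a keyboard/input interface")
```

The same correlation can be driven from live udev events, and a policy tool such as USBGuard can block the device on arrival rather than only alerting.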

How serious is this method?

In short, it’s very serious. While not extremely common, USB drives have been known to carry several serious ransomware strains, most notably BlackMatter, which was believed to be the ransomware of choice in the Colonial Pipeline attack that made headlines in 2021. 

What can we learn from this new attack method? 

As a general rule, never plug in a USB drive unless you can confirm the sender. Inserting anything unknown into your device poses a serious danger to the device and to your entire organization’s network, and USB drives are no exception. What’s more, don’t assume that an email or a piece of mail addressed to you by name means the sender is known or safe. “Confirming the sender” means speaking with the sender directly and hearing from them that they sent the item in question. In the USB drive attacks, the parcel often carried the recipient’s name and looked ‘official.’ Don’t assume the mail is real unless you are expecting that specific package. 

The best way to protect yourself and your organization is to operate under the assumption that everything suspicious is an attempted attack. Always confirm the sender and check with your IT team whenever you are in doubt. Better safe than sorry!

If you are ever concerned you may be a target or victim of a ransomware attack, STOP and call your IT Team or PK Tech! We can help. Contact us here