Ransomware-Infected USB Devices: A New Cyber Threat
Chapter 1: The Rising Threat of Malicious USB Devices
Cybercriminals are increasingly deploying ransomware via compromised USB drives, posing a serious risk to various industries.
The FBI has highlighted this threat, informing the US defense sector about a particular cybercriminal group that is distributing malware-laden flash drives to companies. Receiving a USB drive in the mail might sound implausible, but unless you can confirm the sender's identity, the device is likely infected and should be disposed of immediately.
Section 1.1: The Tactics of FIN7
The Federal Bureau of Investigation has identified the FIN7 group as the perpetrators of these incidents. They have been known to mimic reputable organizations such as Amazon and the US Department of Health and Human Services, sending out these malicious packages through USPS and UPS.
In some instances, packages included fake gift cards, thank-you notes, and instructions related to Covid-19, all designed to lend authenticity to their schemes. The USB drives, often branded with the LilyGO logo, are readily available online.
Subsection 1.1.1: How the Malware Operates
Once connected to a computer, these infected devices masquerade as Human Interface Device (HID) keyboards, allowing them to operate even after being unplugged. This capability enables the malware to initiate the installation of additional harmful software, aiming to deploy common ransomware variants.
Section 1.2: A History of Deception
This isn't the first instance of FIN7 employing such tactics. Two years prior, they impersonated Best Buy, sending similar malicious packages to various establishments, including hotels and restaurants.
In a previous scheme, they even attempted to persuade their victims to connect the USB drives by sending teddy bears as a means of disarming their targets. As a precaution, employees should only connect USB drives that have been verified by IT security staff or those that are recognized by their hardware ID. HID attacks often succeed when users intentionally connect the infected devices.
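The hardware-ID precaution above can be checked on the endpoint itself. The following sketch is an added example, not code from the FBI notice or the original article: it scans Linux kernel log lines for USB devices that register as HID keyboards and reports any whose vendor:product ID is not on an approved list. The allowlist, device names and log lines are constructed for illustration.

```python
import re

# Assumption: hardware IDs (vendor:product) of keyboards verified by IT security.
# Constructed value, not a real inventory.
APPROVED_KEYBOARDS = {"0a0a:0001"}

# Kernel log line written when a HID driver binds a keyboard interface, e.g.
# hid-generic 0003:VVVV:PPPP.NNNN: input,hidrawN: USB HID v1.01 Keyboard [name] on usb-...
HID_KEYBOARD = re.compile(
    r"[\w-]+ [0-9A-Fa-f]{4}:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})"
    r"\.[0-9A-Fa-f]{4}: .*USB HID v[0-9a-f.]+ Keyboard \[(?P<name>[^\]]*)\] on (?P<port>\S+)"
)


def unapproved_keyboards(log_lines, approved=APPROVED_KEYBOARDS):
    """Return one finding per keyboard interface whose hardware ID is not approved."""
    findings = []
    for line in log_lines:
        match = HID_KEYBOARD.search(line)
        if match is None:
            continue  # not a keyboard bind event (mouse, storage, unrelated line)
        hwid = f"{match['vid']}:{match['pid']}".lower()
        if hwid not in approved:
            findings.append({"hwid": hwid, "name": match["name"], "port": match["port"]})
    return findings


# Constructed sample: an issued keyboard, a mouse, and an unknown device that
# enumerates as a keyboard after being plugged in.
SAMPLE_LOG = [
    "[    3.402118] hid-generic 0003:0A0A:0001.0001: input,hidraw0: "
    "USB HID v1.10 Keyboard [Example Corp Keyboard] on usb-0000:00:14.0-1/input0",
    "[    3.511902] hid-generic 0003:0A0A:0002.0002: input,hidraw1: "
    "USB HID v1.11 Mouse [Example Corp Mouse] on usb-0000:00:14.0-3/input0",
    "[  812.253870] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd",
    "[  812.259441] hid-generic 0003:1234:ABCD.0007: input,hidraw3: "
    "USB HID v1.01 Keyboard [Constructed Gadget] on usb-0000:00:14.0-2/input2",
]

if __name__ == "__main__":
    for finding in unapproved_keyboards(SAMPLE_LOG):
        print("unapproved keyboard:", finding["hwid"], finding["name"], finding["port"])
```

The hardware ID is reported by the device itself, so a match on the allowlist complements verification by IT security staff and does not replace it.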
Chapter 2: Understanding the Risks
This video discusses the increasing prevalence of malware being transmitted through USB flash drives, highlighting the dangers and advising on how to stay safe.
In this tutorial, viewers learn how malicious flash drives can be created, emphasizing the importance of cybersecurity awareness and prevention strategies.