SECURITY ALERT: Cyber Criminals mailing out USB Drives that install Ransomware

According to Zdnet.com, a cybercrime group has been mailing out USB drives, also known as thumb drives, disguised as Amazon gift cards, US Department of Health and Human Services COVID-19 warnings, and others in order to try to get people to insert them into their computers and download ransomware onto their systems, according to the FBI (Zdnet.com).

The USB drives have been reprogrammed to act like keystrokes and send commands to the computer, install malware, and even emulate a network card.

Some of the phishing scenarios we uncovered related to job inquiries, job offers, and account/billing questions.  Cybercriminals will use any means necessary to get you to click on a link or attachment.

What You Can Do

Users should not plug unknown USB drives into their personal or corporate devices. Free USB devices given away at conferences have been targeted in the past to deliver malware to attendees. There have also been known supply chain compromises which resulted in malware being installed on brand new sealed USB devices.

Most organizations do not allow USB drives to be used as they can transmit malware and can be used for insider threat theft.