White Hat Institute

Cybercriminals are shipping out ransomware-infected USB devices

Image: usb ransomware (retrieved from websalutem.com)

The FBI has issued a warning to the US defense industry that a cybercriminal organization is mailing infected flash drives to businesses in an attempt to compromise their systems with malware. Receiving a flash drive in the mail may sound like something out of a conspiracy novel, but unless you know who sent it, it is almost certainly infected with malware and should be discarded right away.

According to the Federal Bureau of Investigation, the FIN7 group “impersonated Amazon and the US Department of Health and Human Services” in this case, and shipped several packages via the United States Postal Service (USPS) and United Parcel Service (UPS). Some packages included written Covid-19 instructions, others fake gift cards and thank-you letters. Each came with a LilyGO-branded flash drive, a type that is widely available online.

The devices carried malware that registered the drive as a Human Interface Device (HID) keyboard as soon as it was connected, letting the attack continue even after the flash drive was unplugged from the computer. The injected code then begins installing further malware, with the final objective of deploying one of the more common ransomware variants, according to the FBI.

This isn’t the first time FIN7 has sent out malware. The same crime family impersonated Best Buy two years earlier and shipped similar packages to hotels, restaurants, and retail businesses via USPS, according to BleepingComputer.

Back then they even contacted their victims to persuade them to plug in the devices, and in May 2020 they sent teddy bears to “soften up” their targets. Organizations should permit only USB devices that are approved by hardware ID, or that the IT security staff has explicitly authorized for use. HID attacks usually succeed only when the user deliberately plugs the flash drive into the target machine.
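The hardware-ID allowlisting described above can be backed by a simple audit of what the operating system actually saw when a device was plugged in. The following Python script is an added example, not code from the article or from any vendor: it parses Linux kernel (dmesg-style) USB log lines, builds a per-port picture of which interfaces each device exposed, and flags keyboards whose vendor:product ID is not on an allowlist, as well as any mass-storage device that also presents itself as a keyboard (the pattern the FBI warning describes). The log lines, vendor/product IDs and the allowlist are constructed placeholders, not real device identifiers.

```python
"""Audit USB enumeration logs against a hardware-ID allowlist.

Added example: detects (a) keyboards whose vendor:product ID is not approved
and (b) storage devices that also register as a keyboard. All IDs, ports and
log lines below are constructed samples, not real hardware identifiers.
"""
import re
from dataclasses import dataclass, field

# Constructed dmesg-style lines. A device first enumerates with its IDs on a
# bus port; the interface kind appears later when a driver binds to it.
SAMPLE_LOG = """\
[  101.220000] usb 1-1: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.00
[  101.230000] hid-generic 0003:AAAA:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [Corp Keyboard] on usb-0000:00:14.0-1/input0
[  250.010000] usb 1-2: New USB device found, idVendor=bbbb, idProduct=0002, bcdDevice= 1.00
[  250.050000] usb-storage 1-2:1.0: USB Mass Storage device detected
[  300.100000] usb 1-3: New USB device found, idVendor=cccc, idProduct=0003, bcdDevice= 2.63
[  300.120000] hid-generic 0003:CCCC:0003.0002: input,hidraw1: USB HID v1.11 Keyboard [HID Keyboard] on usb-0000:00:14.0-3/input0
[  300.150000] usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Constructed allowlist: the one keyboard model IT security has approved.
ALLOWLIST = {"aaaa:0001"}

ENUM_RE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-fA-F]{4}), idProduct=(?P<pid>[0-9a-fA-F]{4})"
)
HID_RE = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r".*USB HID v[\d.]+ (?P<kind>\w+)"
)
STORAGE_RE = re.compile(
    r"usb-storage (?P<port>\d+-[\d.]+):\d+\.\d+: USB Mass Storage device detected"
)


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    interfaces: set = field(default_factory=set)

    @property
    def hwid(self) -> str:
        return f"{self.vid}:{self.pid}".lower()


def parse_usb_log(log: str) -> dict:
    """Return {port: UsbDevice} with the interface kinds each device exposed."""
    by_port, by_hwid = {}, {}
    for line in log.splitlines():
        if m := ENUM_RE.search(line):
            dev = UsbDevice(m["port"], m["vid"].lower(), m["pid"].lower())
            by_port[dev.port] = dev
            by_hwid[dev.hwid] = dev
        elif m := HID_RE.search(line):
            # hid-generic reports the IDs directly; record e.g. "hid-keyboard"
            hwid = f"{m['vid']}:{m['pid']}".lower()
            if hwid in by_hwid:
                by_hwid[hwid].interfaces.add(f"hid-{m['kind'].lower()}")
        elif m := STORAGE_RE.search(line):
            if m["port"] in by_port:
                by_port[m["port"]].interfaces.add("storage")
    return by_port


def audit(devices: dict, allowlist: set) -> list:
    """Return (port, hwid, severity, reason) findings for policy violations."""
    findings = []
    for dev in devices.values():
        is_keyboard = "hid-keyboard" in dev.interfaces
        if dev.hwid not in allowlist:
            if is_keyboard:
                findings.append((dev.port, dev.hwid, "high",
                                 "keyboard interface from unapproved hardware ID"))
            else:
                findings.append((dev.port, dev.hwid, "medium",
                                 "hardware ID not on allowlist"))
        # A drive that also types is suspicious even if its ID is approved.
        if is_keyboard and "storage" in dev.interfaces:
            findings.append((dev.port, dev.hwid, "high",
                             "mass-storage device also exposes a keyboard interface"))
    return findings


if __name__ == "__main__":
    for port, hwid, sev, reason in audit(parse_usb_log(SAMPLE_LOG), ALLOWLIST):
        print(f"[{sev}] port {port} device {hwid}: {reason}")
```

On a real host the same parser can be pointed at `dmesg` or `journalctl -k` output; the composite-device check is the important one, since an approved-looking vendor ID on a device that both stores files and injects keystrokes is exactly what a mailed drive of this kind relies on.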