USB Drives Contain Malware
The group behind the Darkside and BlackMatter ransomware malware is mailing infected USB keys to American organizations. According to several news reports, the FBI has sent that warning to American businesses that subscribe to its security alerts. The contaminated USB keys are being sent by a package delivery service seemingly coming from the U.S. Department of Health and Human Services and allegedly have COVID-19 guidelines, or they are sent to seemingly look like a gift in a box with a fraudulent thank you letter.
Infecting USB keys is an old tactic used by threat actors, stemming back from the days when memory sticks were expensive. Threat actors have been known to drop infected USB keys on the floor of a company or its parking lot. They have slipped them onto the desks of booths at trade shows, where USB keys are often given away by vendors. The attackers hope unsuspecting people will plug the device into their computers to find out who lost it, or to see what expect is a vendor’s product information. In the most recent case the infected USB key registers itself as a keyboard and installs code that downloads malware, leading to a ransomware attack.
The best way to fight this kind of attack is to regularly remind employees to never plug USB sticks into that they don’t own into their computers — even if it’s a gift.
