The FBI has warned that the latest ransomware threat may not come from the internet – but instead via an infected USB stick.
A security alert sent to US organizations details that packages have been received by businesses in transportation, insurance and defence, containing external drives with ransomware loaded onto them. These are often disguised as gifts.
Ransomware is a serious concern for any business, but most threats occur from online attacks. The news that physical devices are being actively distributed by scammers is warning that companies need to be more vigilant than ever.
Infected USB Keys Sent to Businesses
The threat, first reported by The Record, has seen several businesses receive packages via the United States Postal Service and United Parcel Service, containing USB sticks which purport to be sent as gifts. In some cases, the USB sticks arrive in presentation boxes from Amazon, with a thank you letter and gift certificate included. In others, they contain letters about COVID-19 procedures alongside the USB drive.
“Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries” – FBI security alert
Despite the presentation, there's nothing but a nasty surprise on these USB sticks, which when inserted into the user's device, activate a BadUSB attack, effectively mimicking the keyboard and delivering commands to the device. At this point, ransomware can be delivered, and the user locked out of the device, and network, until demands are met.
Failure to do so risks any available data being wiped or distributed to the internet.
According to the FBI alert, US defence industry companies have been targeted, as well as health authorities and hospitality providers.
The Rise of Ransomware
Ransomware made plenty of headlines in 2021, in fact it barely felt like it ever left them. Many high profile targets, such as Garmin, Colonial Pipeline and software provider Kaseya have all been hit, but smaller groups have also been hit hard. Even the Baltimore school authority found itself victim, with IT systems shut down and schools unable to open.
As many experts will tell you, ransomware is thriving. Despite efforts by authorities to disrupt the scammers, it continues to thrive. Part of the reason for this is believed to be the pandemic, and the increase in the number of us working from home. With the pivot to remote working, the traditional security of the office has become a lot harder to contain, with companies wrestling with ensuring that all their employees are following best IT practice from their living rooms and bedrooms.
Ransomware attacks were estimated to cost $20 billion in 2021 – that's up from $325 million in 2015. And with the average ransomware attack costing companies $761,000, not to mention the risk to data, it's a threat that every company needs to be vigilant of.
Avoiding USB Ransomware
If you're reading this with a heavy heart, worried about yet another avenue that scammers can use to attack your business, then don't fret, there are some key steps you can take to avoid these attacks.
Firstly, be very cynical about unsolicited gifts, especially those that you need to plug into your computer. Employees should be wary of using devices that have not been cleared by IT – in fact, you may wish to disable the use of USB devices that don't have authorization from IT, although this can be difficult in the case of USB sticks as they are fairly common and many employees may have a genuine need to use them.
In the case of the most recent scam, the USB sticks distributed are branded ‘Lily GO', so definitely be on the look out for this particular make of drive.
Another key to fighting any attacks like this is antivirus software. While the best defence is to not plug an infected USB drive into your device in the first place, a computer with antivirus software stands a good chance of identifying and isolating the malicious code before it has a chance to do any damage.