The FBI or the United States Federal Bureau of Investigation warned that hackers are sending malicious USB flash drive devices through mail to various US firms to spread ransomware and carry out cyberattacks.
FBI Warns That Hackers Sends Malicious USB Drives
Per the report by BleepingComputer, the FBI issued a warning that the cybercriminal group that goes by the name FIN7 has been sending malicious packages to various companies, which contain malware-spreading USB flash drives.
On top of that, the FBI also revealed that the cybercriminal group pretends to be the US Department of Health & Human Services or the HHS and even the e-commerce tech giant Amazon to trick their ransomware targets into receiving the suspicious packages.
The US agency also found out that packages that the ransomware gang has been sending out to its targets even include a fake letter regarding the guidelines for COVID-19 from the HHS or online gift cards from Amazon.
According to the news story by The Record, the FBI said in a statement that these incidents have been occurring since Aug. 2021.
The Bureau further said in the same statement that "the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries."
FBI added that the suspicious packages are being sent either via the United States Postal Service or the United Parcel Service.
USB Drives with Ransomware
Aside from the impersonation letters, the package also contains a Lily Go USB flash drive, which the FBI warned could install ransomware to the computers of its targets.
The Bureau further disclosed that the USB flash drives from the package would execute a BadUSB attack once it is plugged into the computer of the target.
The Record said in the same report that the BadUSB attack uses a thumb drive to install itself into a machine and pretend to be a keyboard device instead of a USB flash drive.
From there, it could now carry out the cyberattack on a computer it is plugged into as it performs automated keystrokes.
It would then go on to download and install malware virus to the PC of the target, which could then attack the whole network of the victim, making it another successful ransomware attack.
The US agency went on to reveal that the BadUSB attack have been spreading two of the biggest ransomware out there, namely BlackMatter and REvil to the network of its victim enterprises.
This article is owned by Tech Times
Written by Teejay Boris