Hackers Are Mailing USB Drives Infected With Ransomware

Written by Craig Beam. Posted on January 23, 2022.

Cybersecurity Alert: Hackers Are Mailing USB Drives Infected With Ransomware

If you received a USB drive in the mail, would you think twice about plugging it into your work computer? What about one of your staff members?

This is a surprisingly effective scam run by cybercriminals, and it’s become more common lately…

Cybercriminals Target Defense Industry With Infected USB Drives

The FBI recently issued a warning that hackers have begun targeting defense contractors with this scam.

Here’s how it works: they mail COVID-19 information packets, gift cards, and USB drives to key staff members of these organizations. As soon as the USB drive is plugged into the user’s computer, it automatically executes a program that infects the system with ransomware.

That’s why you and your staff need to be aware of this scam. The bottom line is that you should never plug a device into your computer if you don’t know who or where it’s from. The risk is simply too high.

The Threat Of Cybercrime Is Evolving

Every day, cybercriminals attempt to adapt their methods to overcome new standards and defenses in cybersecurity. Nowhere is this more evident than with ransomware.

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money.

Characteristics of modern ransomware attacks include:

  • Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go in their backups to restore their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
  • Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

How Should You Defend Against A Ransomware Attack?

The best way to defend against ransomware is to work with an IT company (like MicroXpress) whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens.

Recommended security measures include:

  • Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
  • Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
  • Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying any suspicious activity and addressing it immediately to prevent any negative effects. The ideal way to handle this is with managed detection and response (MDR), an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered. MDR fully manages your cybersecurity defense, both keeping an eye out for threats and providing the expert team to address them when they occur.
  • Data Backup: If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
    • Back up data on a regular basis, both on and offsite.
    • Inspect your backups manually to verify that they maintain their integrity.
    • Secure your backups and keep them independent from the networks and computers they are backing up.
    • Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.

Need Expert Cybersecurity Guidance?

Don’t let basic cybersecurity put you at risk, and don’t assume you have to handle advanced cybersecurity all on your own—MicroXpress can help you assess your cybersecurity and develop a plan to enhance it.

You can start improving your cybersecurity by getting in touch with our team.

Thanks to our friends at Pure IT in Calgary. Pure IT and MicroXpress are members of the Ulistic HPC club. Pure IT helped with the research into this content.