An urgent cybersecurity warning is being issued to all U.S. companies. According to the FBI, a cybercriminal group is mailing organizations a parcel containing malicious USB drives that are laced with ransomware. These deliveries are made by impersonating the Department of Health and Human Services.
An unspecified number of companies reported receiving suspicious USB drives at their business address. The parcel contains a letter purporting to be from the Department of Health and Human Services about COVID-19 warnings. In some cases, the letter offers a gift card from Amazon. Be warned that plugging this USB drive into a device will infect it with malware.
Cybersecurity Warning: Ransomware Attack
ZDNet reported that the malicious USB drives carry out what are called "BadUSB" attacks. These are used to install ransomware on a victim's network so hackers can gain access to its systems.
The BadUSB attack uses a creative strategy that exploits the versatility of USB. When plugged in, the drive emulates a keyboard and sends keystrokes and commands that install the malware. This code will be integrated into the operating system's boot process, which could be used to spoof a network card or redirect traffic.
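Because the drive poses as a keyboard, one defensive signal is typing cadence: a device that sends a burst of keystrokes within moments of being plugged in, far faster than a person types, is likely scripted. The following is an added example, not code from the FBI, ZDNet or any vendor; the log format, device ids and thresholds are assumptions made for illustration.

```python
"""Flag USB keyboards whose typing cadence looks scripted (constructed sample data)."""
from statistics import median

# Assumed thresholds for illustration; tune them against real endpoint telemetry.
MIN_HUMAN_GAP_MS = 30    # a median gap below this is faster than sustained human typing
BURST_WINDOW_MS = 2000   # only inspect keystrokes that arrive shortly after attach
MIN_BURST_KEYS = 10      # ignore devices that sent too few keys to judge

def parse_events(lines):
    """Parse hypothetical 'ms_timestamp device_id ATTACH|KEY' records per device."""
    attach, keys = {}, {}
    for line in lines:
        ts, dev, kind = line.split()
        if kind == "ATTACH":
            attach[dev] = int(ts)
            keys[dev] = []
        elif kind == "KEY" and dev in attach:
            keys[dev].append(int(ts))
    return attach, keys

def suspicious_devices(lines):
    """Return ids of devices that typed a fast burst right after being plugged in."""
    attach, keys = parse_events(lines)
    flagged = []
    for dev, stamps in keys.items():
        burst = [t for t in stamps if t - attach[dev] <= BURST_WINDOW_MS]
        if len(burst) < MIN_BURST_KEYS:
            continue
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        if median(gaps) < MIN_HUMAN_GAP_MS:
            flagged.append(dev)
    return sorted(flagged)

def build_sample():
    """Constructed log: 'usb-A' is a person typing, 'usb-B' injects keys on attach."""
    lines = ["0 usb-A ATTACH"]
    lines += [f"{5000 + i * 180} usb-A KEY" for i in range(15)]  # about 180 ms per key
    lines += ["60000 usb-B ATTACH"]
    lines += [f"{60500 + i * 5} usb-B KEY" for i in range(40)]   # 5 ms per key
    return lines

if __name__ == "__main__":
    print(suspicious_devices(build_sample()))
```

Timing alone is a heuristic: a device that deliberately slows its keystrokes would pass, so it complements rather than replaces policies that restrict which USB devices endpoints accept.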
U.S. companies are primarily being targeted by these attacks so hacker groups can gain access to the organization's networks. Sources from ZDNet could not determine how many firms were compromised by this strategy.
For now, U.S. companies are advised to exercise caution when encountering suspicious parcels. FBI investigation teams said to "handle it with care to preserve DNA and fingerprints that may be obtainable from the package," per CNN.
The FBI hopes that these parcels might hold clues that can help it pursue the mastermind. The investigation is still progressing.
FBI Investigation on USB Drive Ransomware
According to CNN, the FBI's initial investigation led them to believe that a prolific Eastern European cybercriminal group is behind this attack. Experts pinned the recent incidents to FIN7 operations.
It should be emphasized that FIN7 is notorious for its hacking schemes. The group has been blamed for billions of dollars in losses in the consumer and business sectors in the U.S. and abroad. At one point, the Justice Department accused its members of stealing millions of credit card numbers from restaurants and hospitality chains across 47 states. It is safe to assume that they have the skills to launch these BadUSB attacks.
The FBI warned that the BadUSB attacks are often installed on LILYGO-branded devices. These parcels were reportedly shipped out as early as August last year.
ZDNet also warned that these tools can be used to deploy multiple ransomware strains like BlackMatter and REvil. So companies are advised to be very careful about this attack.
It is also worth noting that these attacks prompted discussions between the Biden Administration and the Kremlin about the security and critical infrastructure of the digital industry. Hopefully, a few countermeasures might be set up against BadUSB in the coming days.