How USB Drives Were Recently Used to Hand-Deliver Malware

We all have unsolicited mail show up in our mailbox. Whether as advertisements or coupons, companies hope we view them as opportunities rather than what they often really are: extra paper. However, Australians are receiving a different type of unsolicited mail and it brings a gift of its own: malware. These malicious gifts are delivered in the form of USB drives, or memory sticks, in the apparent hope that curious Australians will plug them into their computers.

And they are.

The New York Times reports a few residents of Pakenham, Australia, have fallen victim to this USB-borne attack, which purports to offer victims deals on Netflix and other streaming services. In reality, the sticks were loaded with the modern cybercriminal’s weapon of choice: ransomware.

Ransomware is a malware type that does what it says: it locks your computer and prevents you from accessing your data until you pay the attacker a ransom. Usually, the ransom isn’t small. Time and time again, we’ve seen cybercriminals use ransomware to demand large sums of money from citizens, hospitals, schools and more. In fact, according to an FBI estimate, ransomware is on track to extract about $1 billion from victims across the United States.

This USB-delivered malware is the latest unfortunate example of both ransomware’s efficacy and the cybercriminal’s ability to deceive. This deployment of unsolicited memory sticks also shows attackers are going back to old standbys in order to spread their illicit programs.

In fact, USBs have been a common vehicle for deploying malware for a long time — and not always to deploy ransomware. There have even been incidents of cybercriminals leaving USB sticks around in an effort to fry someone’s entire computer. More common, however, are attacks where cybercriminals purposefully leave USB devices lying around for a curious employee to pick up in an effort to get inside their company’s network.

Want to protect yourself from falling victim to this ploy? Keep these tips in mind:

  • If you didn’t buy it, don’t plug it in. Always be skeptical and cautious if a product arrives at your door that you didn’t order yourself. As enticing as gifts seem, remember that companies who do give them out to customers usually do so securely. They could come in the form of redeemable codes, instead of product deliveries without warning. If you do receive an electronic gift in the mail, call the company’s support team to double check if the gift is valid.
  • Remember that malware comes in many shapes and sizes. As users become more security savvy, cyber crooks become more creative. So remember to stay vigilant when it comes to enticing promises and gifts in any outlet. Beyond avoiding suspicious USBs, you can leverage a comprehensive security suite, such as McAfee LiveSafe™, to monitor, scan and protect your devices from ill intents.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top