Scams that send out USB sticks carrying ransomware, which encrypts data to make it unusable and demands a ransom to undo it, are on the rise



There have been many incidents in which USB memory sticks presented as containing 'Guidelines related to the new coronavirus issued by the Ministry of Health and Welfare' or an 'Amazon Gift Card' have arrived.

In reality, these USB memory sticks carry 'ransomware' that makes the data on the PC unusable and demands a ransom.

FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future
https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/

Ransomware warning: Cyber criminals are mailing out USB drives that install malware | ZDNet
https://www.zdnet.com/article/fbi-cybercriminals-are-mailing-out-usb-drives-that-will-install-ransomware/

On January 6, 2022, the Federal Bureau of Investigation (FBI) in the United States issued an official warning to domestic companies that 'USB memory containing malicious software was sent to transportation, insurance, and defense industry-related companies.' The USB memory is disguised in various ways so that its true nature is not apparent. In some cases it is disguised as 'a USB memory containing guidelines related to the new coronavirus sent by the United States Department of Health and Welfare, which is equivalent to the Ministry of Health and Welfare of Japan'. In other cases it is disguised as an 'Amazon gift card USB memory' with a fake letter of appreciation enclosed. In the cases currently confirmed, the parcel is delivered by the United States Postal Service (USPS) or United Parcel Service (UPS), and the USB itself is made by LilyGO in China.

According to the FBI, when this USB stick is connected to a PC, it is recognized as a 'keyboard' and automatically performs keystrokes to download and install the preset ransomware. It has been confirmed that the damage is not limited to the PC the USB memory was plugged into: other PCs on the local network are also attacked after administrative privileges are forcibly obtained.



Ransomware is a general term for malicious programs that impose access restrictions on PC systems and demand a ransom payment to lift them. In this case, the ransomware used was 'REvil', which hit Taiwan's major PC maker Acer and the world's largest meat trader JBS, and 'BlackMatter', which caused damage to the extent that the Biden administration declared a state of emergency.

America's largest oil pipeline shuts down due to ransomware attack, Biden administration declares emergency - GIGAZINE



As for the perpetrator, the FBI claims that it is 'FIN7', a group whose activity has been confirmed since 2015.

in Security, Posted by darkhorse_log