Beware the Free Flash Drive

This particular method of cyber-attack has been around for a while, but it’s clearly not going away anytime soon. Hackers introduce new virus strains that use newly found weaknesses to breach networks, Cybersecurity reacts with new defenses, and the cyber criminals find another way.

Hackers are as relentless and single-minded as the millions of army ants Charlton Heston fought off in the old movie ‘The Naked Jungle’. Nothing would stop them – not even a river – the ants conquered the challenges and kept coming. Such is the determination of the modern cyber-criminal.

Word of the flash drive tactic has been circulating among the Charlotte IT Support community for some time. Most IT services providers are aware of it. If your IT support alerts you to any new style of threat – take it seriously.

There are two main tactics to a cyber-attack strategy:
1) The breach – initial entry.
2) Once in, hiding or immediately crippling the system.

With Ransomware, the victim is aware of the breach right away. When they click a bad link or attachment in a phishing email, their system is immediately locked and their data encrypted. The lockout screen gives directions on how to pay the ransom in cryptocurrency in order to receive a decryption key – which over 40% of victims who pay NEVER get.

Some types of malware slither in and quietly start copying and sending out the data. The victim is usually none the wiser because the data has been left in place.

But the real trick is the initial breach. This is where businesses and IT support most need to stay a step ahead. Even the best Cybersecurity measures cannot stop an end-user from unwittingly allowing malware into the system.

One of the main tools in a hacker’s toolbox is the phishing scam. Hackers keep changing up and concocting better ruses to dupe end users into clicking a link or opening an attachment in a malicious email. But as people get wise to these ruses and more companies institute a standardized Security Awareness Training regimen, hackers seek out other ways to get in.

The USB Flash Drive Scam

The first documented appearance of this ploy was in 2019. The USB flash drive scam started slowly and steadily picked up steam as criminals perfected their trickery. Originally targeting the defense, transportation, and insurance industries, the victim base has greatly expanded over the last few years to include any and all businesses and industries.

How do hackers use USB?

Here’s a typical scenario: A ‘FREE’ flash drive arrives in the US mail. It appears to come from a trusted source – early crooks posed as the Department of Health and Human Services (HHS), referencing guidelines for the COVID pandemic that were supposedly provided on the USB drive. They have also imitated online retailers like Amazon, sending a forged ‘Thank You’ gift card with a flash drive containing either instructions on how to activate the card or a list of items that can be purchased with the card.

At this point, malicious flash drives are coming from a variety of fake sources – any retailer, healthcare providers, and any one of a number of government agencies.

If you receive a flash drive you were not expecting, report it to your IT HelpDesk - DO NOT PLUG IT IN! As soon as the connection is made, the malware floods into your workstation and continues to the greater network unless stopped immediately. The practice of discovering any viruses on a flash drive through plugging it in, opening ‘My Computer’, and right clicking on the flash drive icon to ‘Scan for Viruses’ is the worst possible thing to do in this case – as soon as you plug in the USB drive, your goose is cooked.

We at ITFirm.com encourage our clients to play ‘Cyber War Games’, which includes sending phishing emails to the staff to see who clicks the link or attachment. Another ploy we have used is to have a flash drive dropped on the floor in a common area. Once plugged in, we get an alarm that identifies the workstation. That flash drive should have been given to management to be examined by the in-house IT support or the outsourced Managed Services Provider – NOT just plugged in to see what’s on it.
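
One way to get a comparable "which workstation?" alert from logs rather than from the drive itself, as an added example that is not ITFirm.com's tooling. It assumes workstations forward Linux kernel messages to a central syslog file; the approved-device list, host names and log lines are constructed.

```python
import re

# Assumption: (idVendor, idProduct) pairs of the drives IT has issued.
# These IDs are reported by the device itself, so treat a match as a
# hygiene signal for drills, not as proof the drive is safe.
APPROVED = {("0951", "1666")}

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel:.*?"
NEW_DEV = re.compile(PREFIX + r"\busb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE = re.compile(PREFIX + r"\busb-storage (?P<port>[\d.-]+):[\d.]+: "
                     r"USB Mass Storage device detected")

def unapproved_storage(lines, approved=APPROVED):
    """Return one alert per mass-storage attach whose IDs are not approved."""
    seen = {}    # (host, port) -> (time, vid, pid) from the last enumeration
    alerts = []
    for line in lines:
        m = NEW_DEV.search(line)
        if m:
            seen[(m["host"], m["port"])] = (m["ts"], m["vid"], m["pid"])
            continue
        m = STORAGE.search(line)
        if m:
            # A storage attach with no enumeration on record is also reported.
            ts, vid, pid = seen.get((m["host"], m["port"]), (m["ts"], "?", "?"))
            if (vid, pid) not in approved:
                alerts.append({"host": m["host"], "time": ts,
                               "device": f"{vid}:{pid}"})
    return alerts

# Constructed sample log lines.
SAMPLE = [
    "Mar  4 09:14:03 ws-017 kernel: [ 8123.101] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "Mar  4 09:14:04 ws-017 kernel: [ 8124.220] usb-storage 1-2:1.0: USB Mass Storage device detected",
    "Mar  4 09:20:41 ws-022 kernel: [  512.007] usb 2-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10",
    "Mar  4 09:20:42 ws-022 kernel: [  512.990] usb-storage 2-1:1.0: USB Mass Storage device detected",
    "Mar  4 09:31:10 ws-017 kernel: [ 9150.300] usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00",
]

for alert in unapproved_storage(SAMPLE):
    print("ALERT", alert)
```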

Frequently Asked Questions

Q: What is ransomware in simple words?

A: Ransomware is malware that encrypts the victim’s data, making it, and the entire system, unusable to the victim, then demands a ransom for its decryption. Loss of data and the use of the network is devastating to any organization.

Q: How can you tell if an email is phishing?

A: Your first clue is that it just doesn’t feel right.

You receive an email with a subject line like “I thought you’d get a laugh out of this.” Inside is a link or attachment supposedly promising hilarity. EXCEPT – it comes from a person who never sends you this type of thing – or someone who is completely unfamiliar to you.

Generic greetings: When somebody who should know your name calls you ‘Dear colleague’ or ‘Dear valued customer’, the hair on the back of your neck should stand up.

Unlikely ‘stories’: Trust me – no Nigerian Prince with 100 million dollars in a frozen account is going to contact you and offer a healthy reward for sending him 5 thousand bucks to free his funds. This is NEVER going to happen.

Bad spelling and grammar: It seems strange, but crooks can’t spell – maybe English is not their first language – although hackers have been cleaning this up a bit.

Inexact address: Suppose you think you received an email from ITFirm.com, but the sender’s address is ‘joe@theitfirm.com’. It seems silly, but we get about 4-5 calls a year from hardware or software vendors following up on a fraudulent purchase order. These are easily identified by asking the vendor if the email address includes ‘the’. Also, any legitimate US government address ends in ‘.gov’ – only that, and nothing after that.

Asks for sensitive information: Any entity that asks you to verify your account number or password is highly suspect. The IRS is NOT going to email you to have you confirm your Social Security Number (SSN). EVER.

The FBI offers a fount of information on this subject. Psst! Don’t give them your SSN either.
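
The ‘inexact address’ check above can be automated at the mail gateway or help desk. The following is an added example, not ITFirm.com's own code; the trusted-domain list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains this organization really corresponds with.
TRUSTED = ("itfirm.com", "irs.gov")

def sender_domain(from_header):
    """Lower-cased domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, to catch swapped or substituted letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, reason); verdict is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown", "no parsable address"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted", good
    for good in trusted:
        name = good.split(".")[0]
        # Trusted domain followed by more labels: irs.gov.example.com
        if "." + good + "." in "." + domain:
            return "lookalike", f"{good} is not the end of {domain}"
        # Trusted name padded with extra characters: theitfirm.com
        if len(name) >= 5 and any(name in lab and lab != name
                                  for lab in domain.split(".")):
            return "lookalike", f"{good} with extra characters"
        if edit_distance(domain, good) <= 2:
            return "lookalike", f"{good} within two edits"
    return "unknown", domain

# Constructed sample headers, not taken from real mail.
for hdr in ("Joe <joe@itfirm.com>", "Joe <joe@theitfirm.com>",
            "IRS <refunds@irs.gov.example.com>", "joe@itfrim.com"):
    print(hdr, "->", check_sender(hdr))
```

An ‘unknown’ verdict only means the domain resembles nothing on the list; the other clues in this answer still apply.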

Q: What are malicious USB devices?

A: Thumb or flash drives are the USB vehicle of choice for malware. They are small, easy to deliver and can contain many different types of malware. The damage is done as soon as they are plugged in.

Q: What is the first thing you should do if you receive a ransomware demand?

A: Turn the computer off by holding in the power button until it shuts off, then unplug it from the network and the power outlet. If an infected computer is powered off and unplugged, it's not talking to anything else. If you are quick, grab your phone and take a photo of the ransomware message (you may need it later to restore your data - or for law enforcement). Then report it to your IT services team.

How Secure is your network?

Also, as a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
