A warning from the FBI about a bizarre cyber attack that arrives in the mail. So far these crooks have targeted businesses and government agencies but anyone could be a victim.
Cybercriminals are sending USB devices loaded with dangerous BadUSB ransomware that can infect systems. According to the FBI, “Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries.”
These packages have arrived via both UPS and the Postal Service. There are two versions of the scam. One claims to be from the US Department of Health and Human Services and comes with a letter claiming the USB device contains important new COVID guidelines.
Another version masquerades as an Amazon delivery and comes in a decorative gift box along with a thank-you letter. According to the FBI, both contain LilyGo USB devices. Some contain ransomware, other thumb drives trick your computer into thinking they’re a keyboard and command it to download malware that gives attackers access to your computer.
As always, be very suspicious when things you haven’t ordered show up. Just as you wouldn’t click on a strange link, don’t connect an unknown USB device to your computer.