We research. You level up.
Protect your devices, your data, and your privacy—at home or on the go.
“Thanks to the Malwarebytes MSP program, we have this high-quality product in our stack. It’s a great addition, and I have confidence that customers’ systems are protected.”
Featured Event: RSA 2021
Activate Malwarebytes Privacy on Windows device.
Save 25% on your first year of business protection now. See pricing >
Attackers are mailing USB sticks to drop ransomware on victims’ computers
Posted: by
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely without the right tools available. Even then, something can slip by and cause no end of trouble on your desktop or network.
Back in 2015, we covered the Dead Drops art project. This involved people hiding their USB stick in public places, and others finding them to join an “anonymous file-sharing network” and see what lurks. Security wise, this is an absolutely terrible idea for most folks.
On the other hand: people absolutely do plug in USB sticks found in the street, and they also happily use freebies at events. Most won’t concern themselves with security worries, but they should. However, it’s one thing to voluntarily grab USB sticks yourself. It’s quite another to be potentially disarmed by someone sending you said device instead.
The FBI has warned that a malware group is sending out infected USB sticks to specific targets. The group is behind major attacks such as the notorious colonial pipeline ransomware incident. Make no mistake, these are heavy hitters (and have been here before, and that time they included gifts such as cuddly toys).
The bogus sticks have been winging their way to potential victims through the post for a number of months. There’s elements of social engineering involved, too. It isn’t just a random stick in an unlabelled baggy, there’s a variety of packaging depending on who the sticks have been sent to. It’s perhaps not quite as visually impressive as rogue teddy bears, but it still gets the job done.
The attackers use a couple of different postal services to send the USBs into the wide blue yonder: United Parcel Service, and United States Postal Service. The sticks have been sent to “US businesses in the transportation, insurance, and defence industries”. The packages are designed to resemble Amazon gifts, and Covid alerts from the US Department of Health, which are likely to carry a strong pull factor for the unwary.
If the USB stick is inserted into a PC, it launches a BadUSB attack and the malware auto-registers as a keyboard. From there, it uses keystrokes to place malware on the system and, potentially, deposit and fire up additional rogue files. Bleeping Computer notes that the end goal is to deploy ransomware on the compromised network.
We don’t know how many organisations have been affected, nor do we know how successful this campaign has been. Organisations should be cautious if they’re in one of the sectors targeted by this attack. In fact, we should all be cautious where rogue USB sticks are concerned. Get ahead of the curve and ponder this issue now, instead of waiting to find out if your area of business is on the next FBI release a few months down the line.
Malwarebytes news
October 11, 2021 – Google has talked about blocking a FancyBear/APT28 themed targeted phish campaign. We look at what it’s doing to keep users safe.
March 10, 2021 – REvil ransomware, also known as Sodinokibi, has deployed a new telephone-based tactic to convince victims to pay up.
August 23, 2019 – We take a look at the current chaos faced by local governments across the US, as ransomware continues to snap at its cities’ heels.
Cybercrime | Mobile
May 14, 2019 – A fix was rolled out for a WhatsApp vulnerability, which was used to inject spyware into mobile devices and target a human rights lawyer.
March 22, 2018 – How do DDoS attacks work? And how do we protect our organizations from the growing size and number of attacks?

Lead Malware Intelligence Analyst
Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.
Silouette of person

See all threats
Threat Center

Malwarebytes Podcast

Book with bookmark

Suspicious person

Write for Malwarebytes Labs
Write for Labs

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
Imagine a world without malware. We do.
© All Rights Reserved
Select your language
Cybersecurity basics
Your intro to everything relating to cyberthreats, and how to stop them.