Date: 2022-01-08

Hackers are sending ransomware-infected USBs to businesses in the “transportation and defense industries,” according to the FBI.

Investigators discovered that hackers were sending ransomware-infected USBs to businesses across the US, prompting the FBI to issue a warning.

The malicious packages, which are frequently disguised as official items, have been circulating for several months and have the potential to “compromise a network,” according to reports.

The FBI believes the operation was carried out by the Russian hacking group FIN7, which was also behind the DarkSide and BlackMatter ransomware attacks.

The group’s packages, according to the US agency, were sent via the US Postal Service or United Parcel Service and appeared to be from official companies.

They went on to say that the hackers pretended to be from the US Department of Health and Human Services or Amazon in order to deceive their ransomware victims.

Since then, the FBI has issued a warning to businesses, stating that these packages are confirmed to be fake and dangerous.

The FBI has received reports of several packages containing these USB devices being sent to US businesses in the transportation, insurance, and defense industries since August 2021, according to its statement.

“The packages were sent via USPS and UPS.”

“Packages imitating HHS are frequently accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and packages imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and USB.”

The FBI also confirmed that all of the packages contained LilyGO-branded USBs that, when plugged into a device, could perform a ‘BadUSB’ attack and infect it with malware.

The group would obtain administrative access and then “move laterally to other local systems” in most cases investigated by the US agency, according to the Record.

Last July, similar Russian malware infiltrated a large number of businesses across the United States, prompting this latest warning.

The breach, which is the largest ransomware attack on record, targeted the systems of US-based software firm Kaseya and reportedly hit the IT systems of up to one million companies around the world over the course of a 24-hour period.

REvil, a group of Russian hackers, demanded $70 million in Bitcoin for the decryption key two days later.