FIN7 Mailing Malicious USB Sticks to Drop Ransomware

The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services (HHS) and/or Amazon to target the transportation, insurance, and defense industries for ransomware infection, the FBI warned on Friday.

In a security alert sent to organizations, the FBI said that FIN7 – aka Carbanak or Navigator Group, the infamous, financially motivated cybercrime gang behind the Carbanak backdoor malware – is the guilty party.

FIN7 has been around since at least 2015. Initially, the gang made its reputation by maintaining persistent access at target companies with its custom backdoor malware, and for targeting point-of-sale (PoS) systems with skimmer software. It often targeted casual-dining restaurants, casinos and hotels. But in 2020, FIN7 got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload.

The FBI said that over the past several months, FIN7 has mailed the malicious USB devices to US companies, in hopes that somebody would plug in the drives, infect systems with malware and thus set them up for

Read More: