Cybercriminals are sending unsuspecting businesses “decorative gift boxes” containing Lily Go USB flash drives that install ransomware on targeted devices.
The US Federal Bureau of Investigation (FBI) has released a warning to inform enterprises about malicious USB flash drives sent through the mail to spread ransomware and launch cyberattacks.
As per the FBI, the package comes as a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”
Details of the Scam
The FBI has warned that the infamous cybercrime group FIN7 is sending shady gifts to different US firms. The package is disguised to look as if it was sent by the US Department of Health & Human Services or Amazon, to deceive the recipient into using its contents.
The packages contain USB flash drives loaded with malware. They also include a letter detailing COVID-19 guidelines supposedly issued by the department, or Amazon online gift cards.
Campaign Active since August 2021
According to reports, the FBI states that the infected USB drives have been sent since August 2021, and that the packages are sent through the US Postal Service or the United Parcel Service.
“The FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries,” the agency revealed.
USB Drives Spreading Ransomware
The suspicious packages contain a Lily Go USB flash drive that, the FBI states, installs ransomware on its targets’ computers. The agency also explained that the USB flash drive included in the package executes a BadUSB attack after being plugged into the target’s computer.
A BadUSB attack is delivered through a thumb drive that installs itself on the device while pretending to be a keyboard rather than a USB drive. The bureau noted that the BadUSB attack spread BlackMatter and REvil ransomware to its victim firms’ computers.
“FIN7’s end goal in such attacks is to access the victims’ networks and deploy ransomware (including BlackMatter and REvil) within a compromised network using various tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts,” the FBI said.
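Because a BadUSB drive enumerates as a keyboard, a defender can check which attached USB devices expose a keyboard-class interface and compare them against an inventory of approved hardware. The sketch below is an added example, not code from the FBI advisory; it assumes a Linux host and its sysfs USB attributes (bInterfaceClass, idVendor, idProduct), and the function names, allowlist and sample device IDs are constructed for illustration.

```python
import tempfile
from pathlib import Path

HID_CLASS = "03"              # USB class code: Human Interface Device
BOOT_KEYBOARD = ("01", "01")  # (bInterfaceSubClass, bInterfaceProtocol)

def _read(path):
    try:
        return path.read_text().strip().lower()
    except OSError:
        return ""

def find_unapproved_hid(approved, sysfs_root="/sys/bus/usb/devices"):
    """Return (device, 'vid:pid', product, is_keyboard) for each USB device that
    exposes a HID interface and whose (vid, pid) is not in `approved`."""
    root, findings = Path(sysfs_root), {}
    for iface in sorted(root.iterdir()):
        # Interface nodes are named <device>:<config>.<interface>
        if ":" not in iface.name or _read(iface / "bInterfaceClass") != HID_CLASS:
            continue
        dev = root / iface.name.split(":", 1)[0]
        vid, pid = _read(dev / "idVendor"), _read(dev / "idProduct")
        # VID/PID are self-reported by the device: inventory check, not authentication.
        if not vid or (vid, pid) in approved:
            continue
        kbd = (_read(iface / "bInterfaceSubClass"),
               _read(iface / "bInterfaceProtocol")) == BOOT_KEYBOARD
        prev = findings.get(dev.name)
        findings[dev.name] = (dev.name, f"{vid}:{pid}", _read(dev / "product"),
                              kbd or bool(prev and prev[3]))
    return sorted(findings.values())

def build_sample_tree(root):
    """Constructed sample data laid out like sysfs; every ID and name is made up."""
    kbd_iface = {"bInterfaceClass": "03", "bInterfaceSubClass": "01", "bInterfaceProtocol": "01"}
    disk_iface = {"bInterfaceClass": "08", "bInterfaceSubClass": "06", "bInterfaceProtocol": "50"}
    sample = {
        "1-1": {"idVendor": "aaaa", "idProduct": "0001", "product": "office keyboard"},
        "1-1:1.0": kbd_iface,
        "1-2": {"idVendor": "bbbb", "idProduct": "0002", "product": "gift flash drive"},
        "1-2:1.0": kbd_iface,   # labelled as storage, enumerates as a keyboard
        "1-3": {"idVendor": "cccc", "idProduct": "0003", "product": "real flash drive"},
        "1-3:1.0": disk_iface,
    }
    for name, attrs in sample.items():
        (Path(root) / name).mkdir()
        for attr, value in attrs.items():
            (Path(root) / name / attr).write_text(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_unapproved_hid({("aaaa", "0001")}, tmp))
```

Run against the real /sys/bus/usb/devices with the organisation's own keyboard and mouse IDs in the approved set, any remaining hit is a device that can type on the host and deserves a look.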