Another wet morning across the TN Valley. Find our Interactive Radar here.

USB Sticks: A Prime Source for Malware and Ransomware

The USB (Universal Serial Bus) has become a ubiquitous storage device for consumers and businesses alike. Consumers store everything from recipes to personal files to homework on this device. Businesses often count on USB’s as a quick and easy back up tool for company data and applications.

Unfortunately, their popularity has proven to be a boon for hackers, scam artists, and identity thieves as well. Despite security warnings, individuals and some businesses have continued to use this device to transfer sensitive data from one computer to another – often while on travel. Because of a USB’s small size, it is easy to drop or misplace. Herein lies the problem.  Scammers will scour airports, subway stations, coffee shops and other public areas to scoop up as many orphaned USB’s as possible to use the data on them for identity theft and other schemes.

The Lesson Here: Never put sensitive data on an unencrypted USB. There are a number of USB’s that offer encryption options. If you do need to store this type of data via USB, keep it physically secured in your home or office and never take it out of the building. Use another USB to store non-sensitive data for trips or offsite meetings.

On the flip side, hackers will often drop USB’s in public places, hoping that a passerby will pick it up and use it on their computer. This ploy pays off, too. In a study conducted by Google and the University of Illinois, 48% of the 297 USB’s dropped on campus were picked up and used.

Of course, once the USB is plugged into the computer port, it will install malicious code onto the computer, infecting it and any device on an unprotected network. The malware will then replicate and spread itself to other computers by way of personal emails in your system. Even worse, hackers are now using USB’s to spread ransomware.

The bottom line is, don’t pick up or use a USB from an unknown source. Don’t use someone else’s USB, even if you know that person, because you can’t be sure that their USB is not already infected.

Best Practice:

  1. To safeguard your personal or business data, buy a set of USB’s for use only by you and store them securely.
  2. Don’t share them with anyone.
  3. Control how and when they are used.
  4. Be sure to configure your computer anti-virus and anti-malware applications to scan all external storage devices.
  5. As an extra layer of security, disable the auto-run feature on your computer or laptop. The Windows auto-run feature enables CDs to play automatically when inserted in the drive. Removable and thumb drives use the same auto-run feature to load files when the drives are plugged into the USB port. Malware relies on this auto-run feature to spread from thumb drive to PC.

Sources: BBB North Alabama and Google.com.

To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org.