For most ExtremeTech readers this should almost go without saying, but if you find a mysterious USB drive in your mailbox, don’t plug it in. There are more dangerous things a criminal element could drop in your mailbox, but a malware infected USB drive isn’t good. Police in Australia are investigating a series of thumb drives that showed up in mailboxes carrying some nasty ransomware.
According to police in the Australian city of Pakenham, 37 miles from Melbourne, multiple residents have reported strange USB drives appearing in their mailboxes. There are no stamps or addresses — they’re just envelopes someone dropped off by hand. The USB drives themselves are unmarked, but the software present on it is cleverly disguised.
Upon plugging in the drive, users see what appears at first to be a promotional offer from Netflix or another streaming service. And of course, who doesn’t like free stuff? Some more trusting members of the public went ahead with the installation, which didn’t provide any free entertainment at all. Instead, the computers were infected with ransomware. The police say that two or three people are known to have been infected in this way. Although, it’s possible that some people simply didn’t report their gullibility to the authorities.
Ransomware has become a persistent threat in the last few years. Viruses used to just steal data and use your machine for nefarious purposes, but ransomware can give criminals an immediate payday when someone is successfully infected. Ransomware encrypts files stored on the machine, then demands a Bitcoin payment to unlock them. Since Bitcoin is unregulated and effectively untraceable, the perpetrators can be extremely hard to catch. These attacks have been used against average internet users frequently, but criminals have started targeting specific companies and organizations as well. A person might pay a few hundred dollars to get their files back, but a corporation or hospital might pay a lot more to regain access to its data.
Most ransomware attacks involve social engineering on the internet to trick people into installing the software, but the mailbox approach is new. Still, it could be effective. People are naturally curious, and a mysterious USB drive can be tempting. They’re more likely to plug in a USB drive that shows up in real life than open a suspicious file they come across on the internet.
In this case, police are advising anyone who finds a USB drive in their mailbox not to plug it in (duh) and immediately contact the authorities.
Now read: 19 ways to stay anonymous and protect your online privacy