The USB (Universal Serial Bus) has become a ubiquitous storage device for consumers and businesses alike in which they store everything under the sun-work files to personal clicks. Businesses often count on USB’s as a quick and easy back up tool for company data and applications.
But this easy access and widespread usage is a major source of shipping ransomware and malware into systems. For a long time, security researchers have been warning individuals and business establishments against the usage of USB sticks for transfer of sensitive data yet individuals and owners have paid no heed to their warnings.
Because of a USB’s small size, it is easy to drop or misplace which will serve as an opportunity for scammers to scoop up as many orphaned USB’s as possible to use the data on them for identity theft and other schemes.
Hackers also intentionally drop USBs in public areas, so that if anyone picks it up and uses on their computer, they can be attacked.
The malware is also transferred when a USB is plugged into a system.
Last month, North Korean defectors successfully shipped in "several thousand" USB sticks containing banned content like South Korean soaps, Hollywood films, and global news. While this transfer was not dangerous enough, there are many others which can compromise the privacy and credentials of individuals and businesses.
The same month also saw the transfer of Spora ransomware which spread itself via highly sophisticated manner.It had implemented encryption procedures that do not need a command and control server, a user-friendly payment site, choice of different packages that victims can opt for including immunity from future attacks and ransomware-as-a-service capability.
It's high time people that people understand that storing sensitive data on an unencrypted USB can prove disastrous, both financially and emotionally.There are a number of USB’s that offer encryption options and that sensitive data should be stored in them physically secured in home or office and should never be carried out of the building.For other non-sensitive data, another USB can be carried for trips or offsite meetings.
The best practice to stay protected also involves to not use USB of anyone else, even if you know the person because their USB can be pre-infected with a malware and it's everyone's interest to not share your USB.
Let the anti-virus and anti-malware applications thoroughly scan all the external storage devices and be sure to diable the auto-run feature on your system which will protect you against automatic loading of of malware files. It's best to stay cautious than to suffer.