Cybercriminals Mailing USB Flash Drives Containing Ransomware

Cyber Crime

Published on January 12, 2022

Recently, the cybercriminal group known as FIN7 has been targeting individuals with packages sent through the mail containing a fraudulent thank you letter, counterfeit Amazon gift cards and a USB flash drive. In some cases, the packages contain fictitious letters purporting to be from the US Department of Health and Human Services (HHS) providing information on COVID-19 guidelines or as forged Amazon/Best Buy thank you cards with counterfeit gift cards. The enclosed USB flash drives are typically silver with a swivel cover and imprinted with the logo "LilyGO." When plugged into a computer, the USB flash drive automatically performs keystrokes that cause the computer to be infected with malware (malicious software). Upon gaining access to the computer system, the cybercriminals move laterally in the network to obtain administrative privileges and deploy ransomware.

What can I do?

First, you should never use a USB Flash Drive that you found or that was delivered to you without requesting it. USB Flash Drives have notoriously been used to infect machines with malware.

Your vigilance in identifying suspicious packages and messages is the most effective protection against these types of attacks. Please be on alert for packages with USB drives that may include letters, gift cards and other miscellaneous items. Some have reported that the USB drive has the recipient's name written on it with a marker. Others have received fraudulent follow-up emails and phone calls pressuring recipients to plug the USB flash drive into their computers.

If you receive one of these packages, please report it to the CTS Help Desk at immediately. For more information about safe computing, visit

Below are two pictures of how these attacks are sent.

Amazon USB

Best Buy USB