We ALWAYS recommend strict and tight controls around the use of USB sticks or drives in your environment. They have long been the carriers and purveyors of malware and viruses on corporate networks. If you are not currently blocking the use of USB drives on laptops and computers, you absolutely should be, now! Here is some new information about a particularly bad strain of malware that is spreading via USB drives:
The new Spora ransomware strain has now been dissected by more malware researchers, and the team from G Data discovered that Spora uses an “innovative” way to spread itself via USB sticks. This strain is highly sophisticated and could become the “New Locky”. Spora has well-implemented encryption procedures that do not need a Command & Control server, a user-friendly payment site, a choice of different “packages” that victims can opt for (including immunity from future attacks), and Ransomware-as-a-Service capability.
The infection begins with an email containing a .zip file that, if the user double-clicks it, will execute code on the machine. It will appear to open a Word doc, then try to close it and give a “file is corrupt” message; in reality it is executing the bad code and infecting the machine. Nothing actually happens until someone begins to navigate through folders on the machine or the desktop. At this point it spreads to the files and to any other connected drives, including USB. This is where outside sources could infect the inside of the network. Imagine someone at home, with fewer protections and less awareness on their home computer, then bringing a USB drive that is now infected into the office. When they plug it in and start attempting to use it, the corporate system and network are now compromised.
Users need to be aware, educated, and vigilant. You, as a business owner, leader, or manager, need to ensure that your network is protected, that USB use is disabled, and that your users are educated about the risks of opening files from email, especially those they don’t recognize or didn’t expect.
Here’s a link to a blog post from knowbe4.com outlining the malware.