USB Drop Attack
A shiny USB drive labeled 'Confidential - Salary Data' sits in your apartment building's lobby. The temptation to see what's inside proves irresistible. Experience how attackers weaponize curiosity through USB drop attacks, and learn why that innocent-looking flash drive could compromise your entire company.
What You'll Learn
- Recognize USB drop attacks as a social engineering threat
- Identify warning signs during a potential USB-based attack
- Apply the correct procedure for handling found USB devices
- Execute proper incident response after suspected malware infection
- Understand ransomware and why ransom demands should never be paid
Training Steps
- A Morning Discovery
  It's Tuesday morning. Alice grabs her coffee and heads to her home office to start the workday. On her way through the apartment building lobby, something catches her eye on the floor near the mailboxes. A sleek black USB drive with an official-looking label: 'CONFIDENTIAL - Q4 Salary Review - HR ONLY'
- The Temptation
  Alice picks up the drive, curiosity piqued. Someone from her building must work at her company - or maybe a competitor? She knows she should turn it in to IT, but... 'I'll just check what's on it first,' she thinks. 'If it's really HR data, I should verify it's ours before handing it over.'
- Antivirus Warning
  Windows recognizes the USB drive. The file explorer opens, showing several files: Q4_Salary_Review_2024.xlsx, Employee_Performance_Rankings.pdf, and Compensation_Adjustments.docx. Suddenly, an antivirus warning pops up - the system has detected suspicious content on the drive.
- Opening the File
  Alice dismisses the warning, convinced it's a false positive. The salary spreadsheet is right there, promising answers to questions everyone whispers about. She double-clicks the Excel file. It opens with a security warning: 'Macros have been disabled.' The content is hidden behind a message asking to enable macros.
- The Encryption
  The moment Alice clicks 'Enable Content,' the malicious macro executes. A command prompt window flashes briefly on screen. The hard drive starts churning. Within seconds, ransomware silently encrypts every file on her computer - documents, photos, projects, everything.
- Checking Her Files
  Something feels wrong. Alice's computer seems sluggish, and the hard drive is still churning. A cold knot forms in her stomach. She rushes to check her important work documents - the quarterly report she's been working on for weeks.
- The Ransom Demand
  Instead of her quarterly report, a terrifying ransom screen appears. A glowing red lock icon. A countdown timer. A demand for 0.5 Bitcoin. Every single file on her computer - documents, photos, projects - has been encrypted by ransomware. The attackers are demanding payment to unlock her data.
- Immediate Response
  Alice's heart sinks as she realizes the severity of the situation. All her files - work projects, personal documents, everything - are now encrypted and held hostage. She remembers from security training: the first priority is to stop the malware from spreading to other devices on the network.
- Damage Control
  Alice immediately powers off her PC to prevent the ransomware from spreading further. She remembers from security training: disconnect first, ask questions later. She moves to her backup laptop to report the incident. The security team needs to know about this immediately.
- Filing the Report
  Alice opens the security incident report form. Complete honesty is crucial - even though she made a mistake, reporting quickly can limit the damage. She documents everything: where she found the USB, what she did with it, and the ransomware infection.
Knowledge Check Questions
This training includes a 7-question quiz to test your understanding of Security Awareness threats and defenses.
- What is a USB drop attack?
- Why do attackers often label USB drives with enticing content like 'Salary Data' or 'Confidential'?
- What should you do if you find an unknown USB drive? (Select all that apply)
- Why are document macros a significant security concern?
- If you accidentally plug in a suspicious USB and suspect infection, what should you do immediately? (Select all that apply)