USB drives are a simple and convenient way to move files between devices, but they can pose risks. Unlike email-delivered viruses, where you typically have to click a link to download anything, USB-delivered malware can infect your computer the moment you plug a flash drive in.
Removable media like USB sticks are responsible for 9% of all security incidents, the second-most of any attack vector. That number goes up to 20% when you don’t include incidents involving cloud services. That’s a lot of attacks, so how can you ensure your USB isn’t compromised? Start with these five steps.
How to Protect Your PC From Infected Thumb Drive (Tips and Tools)
A thumb drive or flash drive — is the most common portable data storage device. However, it can... Read more
1. Avoid using unknown USB drives
The best way to avoid infected USB devices is not to use any you don’t recognize. If someone gives you a flash drive or you find one in the wild, assume it’s unsafe and don’t plug it into your computer.
Handing out infected flash drives or leaving them for curious passers-by is a common social engineering technique that takes advantage of human weaknesses like curiosity. It plays a role in 90% of security breaches because it’s so effective. People are naturally curious, and if a shiny new USB sits on the ground, they’ll want to know what’s on it.
Avoid caving to that temptation if you want to stay safe. There’s no way to tell where that drive came from or what it was plugged into before, so the risks outweigh any interesting things you might find.
2. Run Linux from a safe USB drive
You may not have an old or backup computer lying around. If that’s the case, you can protect your files from a potentially compromised USB by running Linux off a different flash drive. Opening the suspicious USB in Linux will provide a barrier between any malware and your normal operating system.
Linux is free to download and can run off a flash drive. Find a distribution, often called a distro, with a large support community like Ubuntu, then download it to a USB you know is safe. Follow the installation guide to run this new OS from your flash drive.
3. Use an old (or unimportant) computer
Your personal USB drives can get infected, too, so you need to know how to check them for malware. If you’re suspicious and want to know more, find an old computer or one you don’t use for anything important. Use this to check the drive instead of your main computer.
Malware won’t be a big issue if your USB is infected but you plug it into a computer with no personal information or sensitive files. However, you must be sure there’s nothing a hacker would find valuable on your device.
Erase any important files or personal information and disconnect the computer from the Internet before plugging anything in.
4. Plug it in, scan it
Once you’ve followed these other steps, it’s time to check your USB. Run Linux if you’re going that route, disconnect your computer from the Internet and open your antivirus software. Then, plug the USB drive in.
Use your anti-malware software to scan the drive. That process will look different depending on what software you use, but there should be clear instructions from the program’s main menu. If your antivirus doesn’t find anything, your USB is probably safe and you can use it normally.
5. Disable Autorun and use an Anti-malware app
Another step to take before plugging the suspicious USB in is disabling Autorun. As the name implies, this feature automatically runs external media like flash drives, which is how malware often infects your computer from a USB. You’ll want to disable it to safely check your drive for viruses.
You’ll also need to install anti-malware software if you don’t have any already. Even if you do, check for updates to ensure you can scan for the latest threats. It’s a good idea to update all your other software while you’re at it to be as safe as possible.
What to do with a compromised USB drive?
If your antivirus software finds an issue, you’ll have to remove it from your drive. The program will likely let you automatically delete infected files, which is the safest way forward. Once you’ve taken care of the suspicious files, restart your computer and follow these steps again to ensure you’ve removed the malware.
If you want to be as safe as possible, it’s best not to use that USB drive again, even after removing the infected malware. Keeping backups of all important files in the cloud will let you discard these devices without worrying about losing the stuff you want.
It’s also a good idea to keep your online credentials on check to catch if anything slipped through the cracks. You can check the Have I Been Pwned website to see if someone got hold of your credentials and watch your bank account and social media channels for suspicious activity.
You should also use a password manager, change all your passwords and run frequent virus scans on your computer.