Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services (HHS) and/or Amazon to target the transportation, insurance and defense industries for ransomware infection, the FBI warned on Friday.

In a security alert sent to organizations, the FBI said that FIN7 – aka Carbanak or Navigator Group, the infamous, financially motivated cybercrime gang behind the Carbanak backdoor malware – is the guilty party.

FIN7 has been around since at least 2015. Initially, the gang made its reputation by maintaining persistent access at target companies with its custom backdoor malware, and for targeting point-of-sale (PoS) systems with skimmer software. It often targets casual-dining restaurants, casinos and hotels. But in 2020, FIN7 also got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload.