VPN Ransomware Protection

The answer is quite simply no, a VPN cannot help you with ransomware attacks, prevent them or solve them. Anybody claiming that they can is trying to sell you something. Untrustworthy VPN providers are guilty of marketing their products as cure-alls for every problem on the internet, and “ransomware” is just another keyword to them. Even a VPN isn’t a cure-all for internet privacy. You also need to change your browsing habits.

The reason why a VPN can’t block ransomware is because they’re very different things. In real-world terms, it’s a little like be like replacing your car’s tires to fix a chip in the windshield. It’s not directly related. To understand a little better how this works—or rather, not—we need to take a closer look at both ransomware and VPNs.

Requirements
The only thing you'll need to use Confidential Mode is a Gmail account on either the web-based Gmail client or the mobile app (it works on Android and iOS). I'm going to demonstrate using the web-based client, which works on almost any web browser, but the email client works similarly.

How to send an email in Confidential Mode

1. Open Gmail
Open your web browser, head to Gmail, and log in.
2. Compose an email
​Click Compose to open the Gmail compose window. At the bottom of that window, click the padlock-and-clock icon

3. Configure the Confidential Mode settings
In the resulting pop-up, click the Expiration drop-down and select one day, one week, one month, three months, or five years.

If you want to add a passcode, click SMS passcode and click Save, which will return you to the Compose window.

4. Compose and send your email
Compose the email as you would normally and then click Send. This will bring up another pop-up, where you'll be asked to type a phone number for the recipient.

Click Send and your recipient will receive an email with a link to view its contents. When they click the link, a new web browser page will open where they'll need to click a link to be sent the passcode. Once they have the passcode, they enter it in the browser pop-up and click SUBMIT, and they can then view the message.

No matter what type of email account you send the Confidential Mode message to, the recipient will have to open it in a web browser and the content is displayed in such a way that they cannot do anything with it other than read it.

​In brief: Readers of this site will know that one of the golden rules in life is never to use an unsolicited USB stick that arrives in the mail, even when it's inside convincing Microsoft Office packaging and engraved with the Office logo. Criminals have been using the trick to scam unsuspecting victims in the UK who believed they were sent the expensive piece of software by mistake.

The baiting attack is a more elaborate version of the traditional email phishing version in which millions of people receive messages with links to supposedly free software, often one of Microsoft's suite of programs, but they are actually downloading malware onto their device.
While mailing an engraved USB stick inside fake Office Professional Plus packaging to random people might cost a lot more than email phishing, recipients are more likely to be fooled into thinking it's the real deal, convinced they were sent the $439 item by mistake.
​
Sky News reports that the storage device does not contain Microsoft Office, of course. Victims who plug the drive into their machines are met with a warning informing them that their system is infected with a virus, and the only way of removing it is to call the included toll-free number.

Martin Pitman, a cybersecurity consultant for Atheniem, explains that this is the point where the scam moves into more traditional territory. After making the call, the person on the other end of the line explains to the victim that they need to install a program to rid themselves of the virus. This is a type of remote access program (RAT) that grants the scammer complete control of the computer.
​
"Here the hackers 'sorted' the problem and then passed the victim over to the Office 365 subscription team to help complete the action," Pitman explained.
Microsoft confirmed it is aware of the scam taking place but insisted such instances are rare. The company said it makes every effort to remove any suspected unlicensed or counterfeit products from the market. Microsoft reaffirmed that it never sends out unsolicited packages, and it does not contact people out of the blue for no reason.

Did you find a random USB stick, perhaps at your school or in a parking lot? You may be tempted to plug it into your PC, but you could leave yourself open to attack or, worse still, permanently damage your machine. Here’s why.

USB Sticks Can Spread Malware​

Probably the most common threat posed by a USB drive is malware.
Infection via this method can be intentional and unintentional, depending on the malware in question.
USB drives can also disseminate other security threats like remote access trojans (RATs), which give a potential attacker direct control of the target, keyloggers that monitor keystrokes to steal credentials, and ransomware that demands money in exchange for access to your operating system or data.

Ransomware is an increasing problem, and USB-based attacks aren’t uncommon.
​In early 2022 the FBI released details about a group called FIN7 who were mailing USB drives to US companies. The group attempted to impersonate the US Department of Health and Human Services by including the USB devices with letters referencing COVID-19 guidelines and sent some infected drives out in Amazon-branded gift boxes with thank you notes and counterfeit gift cards.
In this attack, the USB drives presented themselves to the target computer like keyboards, sending keystrokes that executed PowerShell commands. In addition to installing ransomware like BlackMatter and Ravil, the FBI reported that the group could obtain administrative access to target machines.
​In addition to USB drives being used to deliver a payload, dreams can just as quickly become infected by being placed into compromised computers. These newly infected USB devices are then used as vectors to infect more machines, like your own. This is how it’s possible to pick up malware from public machines, like those you might find in a public library.

“USB Killers” Can Fry Your Computer
While malicious software delivered by USB poses a real threat to your computer and data, there is a potentially even greater significant out there in the form of “USB killers” that can physically damage your computer. These devices created quite the splash in the mid-2010s, with the most famous being the USBKill which is (at the time of writing) on its fourth iteration.
​This device (and others like it) discharges power into whatever it is plugged into, causing permanent damage. Unlike a software attack, a “USB killer” is designed to damage the target device at a hardware level. Data recovery from drives may be possible, but components like the USB controller and motherboard will probably not survive the attack. USBKill claims that 95% of devices are vulnerable to such an attack.
These devices don’t only affect your computer via USB drives. Still, they can also deliver a powerful shock to other ports, including smartphones that use proprietary ports (like Apple’s Lightning connector), smart TVs and monitors (even over DisplayPort), and network devices. While early versions of the USBKill “pentesting device” repurposed the power supplied by the target computer, newer versions contain internal batteries that can be used even against devices that aren’t powered on.
The USBKill V4 is a branded security tool used by private companies, defense firms, and law enforcement worldwide. We found similar unbranded devices for less than $9 on AliExpress, which look like standard flash drives. These are the thumb drives you are far more likely to encounter in the wild, with no real tell-tale signs of the damage they can cause.

How to Deal With Potentially Dangerous USB Devices
The simplest way of keeping your devices safe from harm is to scrutinize every device you connect. If you don’t know where a drive came from, don’t touch it. Stick to brand-new drives that you own and purchased yourself, and keep them exclusive to devices that you trust. This means not using them with public computers that could be compromised

While USB killers could cost you hundreds or thousands of dollars in hardware damage, you’re probably not likely to encounter one unless someone targets explicitly you.
Malware can ruin your whole day or week, and some ransomware will take your money and then destroy your data and operating system anyway. Some malware is designed to encrypt your data to make it unrecoverable, and the best defense against any type of data loss is to always have a solid backup solution. Ideally, you should have at least one local and one remote backup.

Take Care
For most people, malware delivered by USB poses little threat because cloud storage has replaced physical devices. “USB killers” are scary-sounding devices, but you probably won’t encounter one. However, by taking simple precautions like not putting random USB drives into your computer, you can eliminate almost all risks.
However, it would be naive to assume that attacks of this nature do occur. Sometimes they target individuals by name, delivered in the post. Other times they’re state-sanctioned cyberattacks that damage infrastructure on a massive scale. Stick to a few general security rules and be safe online and offline.