Nigeria’s communications regulatory body, the Nigerian Communications Commission (NCC), has notified the public about a malicious group perpetrating cybercrime to deliver ransomware to specific organizational networks this new year.
The ransomware, newly discovered by the Nigerian Computer Emergency Response Team (ngCERT), has been dubbed very critical and high-risk.
According to the ngCERT advisory, the cybercrime group is sending USB thumb drives to many organizations, hoping that the drives will be connected to as many recipients’ PCs as possible, so that recipients unknowingly install ransomware on their networks.
While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
Describing how the cybercrime group runs the ransomware, the ngCERT advisory says the USB drives carry out so-called ‘BadUSB’ attacks.
BadUSB exploits the USB standard’s versatility and allows an attacker to reprogram a USB drive to emulate a keyboard, which then issues keystrokes and commands on the computer. It then installs malware prior to the operating system booting or spoofs a network card to redirect traffic.
Numerous attack tools are also installed in the process, allowing for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including ‘BlackMatter’ and ‘REvil’.
According to ngCERT, the attack has been seen in the US, where the USB drives were sent in the mail through the Postal Service and Parcel Service.
One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
ngCERT has offered recommendations to help corporate and individual networks mitigate the impact of this new cyber attack and stay protected from the ransomware.
These recommendations include a call on individuals and organizations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization. In addition, if the USB drive comes from a company or a person one is not familiar with and does not trust, it is recommended that one contact the source to confirm they actually sent the USB drive.
Finally, ngCERT has advised Information and Communication Technology and other Internet users to report any incident of system compromise to ngCERT via incident[at]cert.gov.ng for technical assistance.