The Nigerian Communications Commission (NCC) has warned members of the public against the activities of a cybercrime group that has perfected a New Year scheme to deliver ransomware to targeted organizational networks.
NCC stated that new ransomware uncovered by security experts has been categorised, by the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released over the weekend, as high-risk and critical.
The disclosure of this new development is contained in a public statement issued by NCC and signed by its Director for Public Affairs, Dr Ikechukwu Adinde, on Saturday, January 15, 2022, and can be seen on its website.
Adinde in the statement pointed out that ngCERT advisory said that the criminal group is said to have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
What the NCC Spokesman is saying in the statement
While describing how the cybercrime group runs the ransomware, NCC noted that the ngCERT advisory says the USB drives contain so-called ‘BadUSB’ attacks. The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.
The statement partly reads, ‘’Numerous attack tools are also installed in the process that allows for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackBatter and REvil.
‘’According to ngCERT, the attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.’’
How to mitigate the cyber-attack
The ngCERT has, however, offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyber-attack and be protected from the ransomware.
These recommendations include;
- A call on individuals and organisations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization
- In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.
Finally, ngCERT has advised Information and Communication Technology as well as other Internet users to report any incident of system compromises to ngCERT via *incident@cert.gov.ng,* for technical assistance.
What you should know
Recall that in November 2021, the NCC alerted Nigerians of the existence of another hacking group orchestrating cyberespionage in the African telecoms space.
NCC said that an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) has been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in a recent politically motivated attacks oriented in cyberespionage.
Also in November 2021, NCC warned android phone users of a new malware gaining access to smartphones and taking control of infected phones. It said the malware is called AbstractEmu and can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.