The Nigerian Communications Commission (NCC) has warned members to beware of a cybercrime group that has perfected a novel scheme to deliver ransomware to targeted organizational networks.
The new ransomware discovered by security experts has been categorized as high-risk and critical by the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released over the weekend.
According to the ngCERT advisory, the criminal group has allegedly been mailing out USB thumb drives to many organizations in the hope that recipients will plug them into their PCs and install the ransomware on their networks.
While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
The cert advisory said the USB drives contain so-called ‘BadUSB’ attacks when describing how the cybercrime group runs the ransomware.
The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware before the operating system booting or spoofs a network card to redirect traffic.
Numerous attack tools are also installed in the process that allows for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackBatter and Ravil.
cert has, however, offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyber-attack and be protected from ransomware.
Their recommendations include a call on individuals and organizations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization.
They added that if the USB drive comes from a company or a person one does not trust, it is recommended that one contacts the source to confirm they sent the USB drive.
The cert finally advised ICT as well as other Internet users to report any incident of system compromises to ngCERT via *incident@cert.gov.ng,* for technical assistance.
