The Nigerian Communications Commission (NCC) has warned the
public against installing USB devices from unknown sources as such devices may
contain ransomware.
Ransomware is a form of malware designed to encrypt files on
a device, rendering any files and the systems that rely on them unusable.
Ransom may also be demanded in exchange for decryption.
In a statement issued on Friday, the NCC said the warning
for Nigerians became necessary after the Nigerian Computer Emergency Response
Team (ngCERT) identified the new ransomware as “high-risk and critical”.
According to an advisory by the ngCERT, corporate and
individual networks are likely to be targeted.
“The cybercrime group has been mailing out USB thumb drives
to many organisations in the hope that recipients will plug them into their PCs
and install the ransomware on their networks. While businesses are being
targeted, criminals could soon begin sending infected USB drives to
individuals,” the statement reads.
“The attack has been seen in the US where the USB drives
were sent in the mail through the Postal Service and Parcel Service. One type
contained a message impersonating the US Department of Health and Human
Services and claimed to be a COVID-19 warning. Other malicious USBs were sent
in the post with a gift card claiming to be from Amazon.
“The USB drives contain so-called ‘BadUSB’ attacks. The
BadUSB exploits the USB standards versatility and allows an attacker to
reprogram a USB drive to emulate a keyboard to create keystrokes and commands
on a computer. It then installs malware prior to the operating system booting,
or spoofs a network card to redirect traffic.
“Numerous attack tools are also installed in the process
that allow for exploitation of personal computers (PCs), lateral movement
across a network, and installation of additional malware. The tools were used
to deploy multiple ransomware strains, including BlackBatter and REvil.”
The Commission, through ngCERT, recommended that operators
protect their devices, and advised that suspected cyber intrusions be reported
immediately.
“The recommendations include a call on individuals and
organisations not to insert USB drives from unknown sources, even if they’re
addressed to you or your organisation,” the commission said.
“In addition, if the USB drive comes from a company or a
person one is not familiar with and trusts, it is recommended that one contacts
the source to confirm they actually sent the USB drive.
“ngCERT has advised
Information and Communication Technology as well as other Internet users to
report any incident of system compromises to ngCERT via incident@cert.gov.ng,
for technical assistance.”
Advertise on NigerianEye.com to reach thousands of our daily users
No comments
Post a Comment
Kindly drop a comment below.
(Comments are moderated. Clean comments will be approved immediately)
Advert Enquires - Reach out to us at NigerianEye@gmail.com