The Nigerian Communications Commission (NCC) has issued a warning about a cybercrime group that has perfected a new year scheme to deliver ransomware to targeted organizational networks.
The new ransomware uncovered by security experts has been categorised by the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released over the weekend as high-risk and critical.
According to the ngCERT advisory, the criminal group is said to have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
The advisory further said the USB drives contain “BadUSB” attacks. BadUSB exploits the versatility of the USB standard and allows an attacker to reprogramme a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.
Numerous attack tools are also installed during the process, allowing for the exploitation of personal computers (PCs), lateral network movement, and the installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackMatter and REvil.
According to ngCERT, the attack has been seen in the US, where the USB drives were sent in the mail through the postal and parcel services. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
However, ngCERT has offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyber attack and be protected from the ransomware.
A statement by the commission’s director of public affairs, Dr. Ikechukwu Adinde, said these recommendations include a call to individuals and organisations not to insert USB drives from unknown sources, even if the drives are addressed to them or their organisation. In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contact the source to confirm that they actually sent the USB drive.
Finally, ngCERT has advised information and communication technology users, as well as other Internet users, to report any incident of system compromise to ngCERT via email@example.com for technical assistance.