The NCC wants to warn the public that a cybercriminal gang has devised a New Year’s Eve plot to transmit ransomware to targeted corporate networks.
The Nigerian Computer Emergency Response Team’s (ngCERT) report released over the weekend classified the new ransomware discovered by security specialists as high-risk and serious.
According to the ngCERT advice, the criminal group has been sending USB thumb drives to a number of businesses in the hopes that recipients will connect them into their computers and install the ransomware on their networks. Criminals may soon start distributing infected USB sticks to individuals, while corporations are being targeted.
The ngCERT notice claims the USB devices contain so-called ‘BadUSB’ attacks, which is how the cybercrime gang operates the ransomware. BadUSB takes advantage of the USB standard’s flexibility, allowing an attacker to reprogramme a USB device to act as a keyboard, allowing them to make keystrokes and commands on a computer. It then either installs malware or spoofs a network card to divert traffic prior to the operating system powering up.
Several attacking tools are also deployed as part of the operation, allowing for the exploitation of personal computers (PCs), network lateral movement, and the introduction of more malware. Multiple ransomware variants, such as BlackBatter and REvil, were deployed using the tools.
According to ngCERT, the incident took place in the United States, when USB sticks were mailed via the Postal Service and Parcel Service. One kind had a message that claimed to be a COVID-19 warning and was spoofing the US Department of Health and Human Services. Malicious USBs were also distributed in the mail with an Amazon gift card.
ngCERT, on the other hand, has provided advice that will allow business and individual networks to limit the impact of this new cyber-attack and remain safe from ransomware.
Individuals and organizations are advised not to insert USB sticks from unknown sources, even if they are addressed to you or your company. Furthermore, if the USB drive comes from a company or person with whom you are unfamiliar and do not have trust, it is recommended that you contact the source to confirm they provided the USB drive.
Finally, ngCERT has asked users of information and communication technology, as well as other Internet users, to report any system compromises to ngCERT via *email@example.com* for technical help.