By John Ikani
The Nigerian Communications Commission (NCC) has warned the public against installing USB devices from unknown sources, as such devices may contain ransomware.
The warning contained in a statement signed by the commission’s Director of Public Affairs, Dr. Ikechukwu Adinde, said the warning for Nigerians became necessary after the Nigerian Computer Emergency Response Team (ngCERT) identified the new ransomware as “high-risk and critical”.
According to an advisory by the ngCERT, corporate and individual networks are likely to be targeted by the criminal group said to have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks.
While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals, the Commission explained further.
It therefore urged the public to be vigilant to avoid falling victims of cyber attacks.
What the NCC is saying
“The attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
“The USB drives contain so-called ‘BadUSB’ attacks. The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.
“Numerous attack tools are also installed in the process that allow for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackBatter and REvil.”
The Commission, through ngCERT, recommended that operators protect their devices, and advised that suspected cyber intrusions be reported immediately.
“The recommendations include a call on individuals and organisations not to insert USB drives from unknown sources, even if they’re addressed to you or your organisation,” the commission said.
“In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.
“ngCERT has advised Information and Communication Technology as well as other Internet users to report any incident of system compromises to ngCERT via [email protected], for technical assistance.”