The Nigerian Communications Commission has alerted members of the public about a cybercrime group delivering ransomware to attack organizational networks.
The new ransomware categorised as high-risk by the Nigerian Computer Emergency Response Team’s (ngCERT), is used by the criminal group to mail out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks. Though the target for now is businesses, the advisory expressed fears that this might be extended to individuals.
The ngCERT advisory says the BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.
It also installs Numerous attack tools in the process that allows for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware.
According to ngCERT, the attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
ngCERT therefore recommends that individuals and organisations should desist from inserting USB drives from unknown sources, even if they’re addressed to you or your organization. “In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.”, the advisory said.
ngCERT also advised Information and Communication Technology as well as other Internet users to report any incident of system compromises to ngCERT via incident@cert.gov.ng, for technical assistance.