The Nigerian Communications Commission (NCC) has raised the alarm that a cybercrime group has perfected a new year scheme to deliver ransomware to targeted organisational networks.
The new ransomware uncovered by security experts, according to the agency has been categorised, by the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released over the weekend, as high-risk and critical.
The ngCERT advisory, the criminal group is said to have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
Describing how the cybercrime group runs the ransomware, the ngCERT advisory says the USB drives contain so-called ‘BadUSB’ attacks. The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.