The Nigeria Computer Emergency Response Team (ngCERT) has detected an increase in ransomware attacks by the Phobos ransomware group, specifically targeting critical cloud service providers in Nigeria.
The body, established by the Federal Government to reduce the volume of future computer risk incidents in Nigeria’s cyberspace, revealed that the organisations most at risk include providers of information technology and telecommunication services, such as managed cloud services, whose clients include critical government agencies, financial institutions, telecommunications, education, healthcare, service providers, and Non-Governmental Organisations (NGOs) in the country.
According to the Nigerian Communications Commission (NCC), Nigeria has lost $500 million to cybercrime. This is due to the rising incidence of cyberattacks globally and locally. According to reports, a cyberattack occurs every 39 seconds, and cybercrimes have increased by nearly 300 percent since the COVID-19 outbreak.
Different studies have proved that the pandemic led to a surge in Internet usage and created a feasting ground for cyberattacks.
ngCERT highlighted that Phobos attackers enter vulnerable networks through phishing campaigns to deliver hidden payloads or by employing IP scanning tools like Angry IP Scanner to identify susceptible Remote Desktop Protocol (RDP) ports.
It noted that Phobos ransomware modifies firewall configurations, utilises evasion tools like Universal Virus Sniffer and Process Hacker, and employs token theft and privilege escalation techniques through Windows API functions to evade detection. It stated that these hackers deliver unique ransom notes and communicate with victims via email, voice calls, and instant messaging platforms.
The body explained that a successful attack could result in system compromise, ransom payment, data encryption or system lockout, data loss and exfiltration, financial losses, Denial of Service (DoS), and fraudulent activity using compromised systems.
While the body did not name already affected organisations, it stated that it actively collaborates with vulnerable and affected organisations to resolve their incidents and prevent further escalation.
It also listed other recommendations for relevant organisations in an advisory titled, ‘Escalation of Ransomware Attack in Nigeria.’ “It is essential for organisations to proactively implement the mitigation strategies outlined in this document to help prevent the spread of the malware,” ngCERT added.
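As an illustration of hunting for the behaviours ngCERT describes (failed-logon bursts against RDP, execution of the named tools, firewall changes), the following is an added example, not code from ngCERT or the advisory. The pipe-delimited log format, the sample events, the thresholds and the tool file-name patterns are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not from the advisory): time|host|kind|detail
SAMPLE_EVENTS = """\
2024-03-01T02:10:01|srv01|rdp_fail|src=203.0.113.7 user=admin
2024-03-01T02:10:09|srv01|rdp_fail|src=203.0.113.7 user=administrator
2024-03-01T02:10:15|srv01|rdp_fail|src=203.0.113.7 user=backup
2024-03-01T02:10:22|srv01|rdp_fail|src=203.0.113.7 user=support
2024-03-01T02:10:30|srv01|rdp_fail|src=203.0.113.7 user=test
2024-03-01T02:14:00|srv01|rdp_fail|src=198.51.100.4 user=jane
2024-03-01T02:31:40|srv01|proc|C:\\Users\\Public\\ProcessHacker.exe
2024-03-01T02:33:05|srv01|proc|netsh advfirewall set allprofiles state off
2024-03-01T09:00:00|ws07|proc|C:\\Windows\\System32\\notepad.exe
"""

# Assumed name patterns for the tools the article names; tune to your estate.
TOOL_PATTERNS = {
    "Process Hacker": re.compile(r"process\s?hacker", re.I),
    "Universal Virus Sniffer": re.compile(r"universal virus sniffer|\buvs", re.I),
    "Angry IP Scanner": re.compile(r"angry ip scanner|\bipscan", re.I),
}
FIREWALL_CHANGE = re.compile(r"\bnetsh(\.exe)?\s+(adv)?firewall\b", re.I)
RDP_FAIL_THRESHOLD = 5              # assumed: failures from one source...
RDP_WINDOW = timedelta(minutes=5)   # ...within this sliding window

def hunt(log_text):
    """Return a list of (time, host, finding) tuples, in log order."""
    findings = []
    fails = defaultdict(list)  # (host, src) -> timestamps still inside the window
    for line in log_text.splitlines():
        ts, host, kind, detail = line.split("|", 3)
        when = datetime.fromisoformat(ts)
        if kind == "rdp_fail":
            src = re.search(r"src=(\S+)", detail).group(1)
            recent = [t for t in fails[(host, src)] if when - t <= RDP_WINDOW]
            fails[(host, src)] = recent + [when]
            if len(recent) + 1 == RDP_FAIL_THRESHOLD:  # fire when threshold is reached
                findings.append((ts, host, f"RDP failed-logon burst from {src}"))
        elif kind == "proc":
            for tool, pattern in TOOL_PATTERNS.items():
                if pattern.search(detail):
                    findings.append((ts, host, f"{tool} executed"))
            if FIREWALL_CHANGE.search(detail):
                findings.append((ts, host, "firewall changed via netsh"))
    return findings

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

Process Hacker and IP scanners also have legitimate administrative uses, so a hit is a lead to triage against who ran the tool and from where, not proof of compromise.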