The Nigerian Communications Commission, NCC, has alerted members of the public that a cybercrime group has perfected a new year scheme to deliver ransomware through infection USB drives to target organizational networks.
The new ransomware uncovered by security experts has been categorised, by the Nigerian Computer Emergency Response Team’s, ngCERT, advisory released over the weekend, as high-risk and critical.
It said: “According to the ngCERT advisory the criminal group is said to have been mailing out USB thumb drives to many organizations in the hope that recipients will plug them into their personal computers, PCs, and install the ransomware on their networks.
How it Attack Your Network Computer
The USB drives contain so-called ‘BadUSB’ attacks. The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer.
“It then installs malware prior to the operating system booting or spoofing a network card to redirect traffic.
Numerous attack tools are also installed in the process that allows for exploitation of PCs, lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackBatter and REvil.
“The ngCERT noted that the attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service.
It said: “One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.”
Meanwhile, to stay safe, the Commission said ngCERT recommends that individuals and organisations must not insert USB drives from unknown sources, even if they’re addressed to you or your organization.