The Nigeria Computer Emergency Response Team (ngCERT) has detected a rise in ransomware attacks by the Phobos ransomware group, targeting critical cloud service providers in Nigeria. ngCERT, established by the Federal Government to mitigate computer risk incidents in Nigeria’s cyberspace, revealed that the most at-risk organizations include providers of IT and telecommunication services, such as managed cloud services. These providers’ clients include critical government agencies, financial institutions, telecommunications, education, healthcare providers, and Non-Governmental Organisations (NGOs).
Impact of Cybercrime in Nigeria
The Nigerian Communications Commission (NCC) reported that Nigeria has lost $500 million to cybercrime due to the rising incidence of cyberattacks globally and locally. Cyberattacks occur every 39 seconds, and cybercrimes have increased by nearly 300 percent since the COVID-19 outbreak. The pandemic led to a surge in internet usage, creating a fertile ground for cyberattacks.
Phobos Ransomware Attack Details
ngCERT highlighted the tactics used by Phobos attackers:
- Phishing Campaigns: Used to deliver hidden payloads.
- IP Scanning Tools: Tools like Angry IP Scanner identify susceptible Remote Desktop Protocol (RDP) ports.
- Firewall Modification: Phobos ransomware modifies firewall configurations to evade detection.
- Evasion Tools: Tools like Universal Virus Sniffer and Process Hacker help in evasion.
- Token Theft and Privilege Escalation: Attackers use Windows API functions to steal tokens and escalate privileges.
- Ransom Notes: Hackers deliver unique ransom notes and communicate with victims via email, voice calls, and instant messaging platforms.
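A defender can turn the tool and firewall tactics listed above into a triage rule over process-creation logs. The following is an added example, not part of the ngCERT advisory: the executable-name fragments, the netsh patterns, the one-hour window and the sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed filename fragments for the tools named above; verify against your own inventory.
TOOL_FRAGMENTS = {
    "ipscan": "ip-scanner",           # Angry IP Scanner
    "processhacker": "evasion-tool",  # Process Hacker
    "uvs": "evasion-tool",            # Universal Virus Sniffer (assumed name)
}
# Standard netsh syntax that turns Windows Firewall off (assumption: the page names no commands).
FIREWALL_OFF = re.compile(
    r"netsh(\.exe)?\s+(advfirewall\s+set\s+\w+\s+state\s+off"
    r"|firewall\s+set\s+opmode\s+(mode=)?disable)", re.I)

def classify(image, command_line):
    """Return the tactic label for one process-creation event, or None."""
    if FIREWALL_OFF.search(command_line):
        return "firewall-modification"
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for fragment, label in TOOL_FRAGMENTS.items():
        if fragment in name:
            return label
    return None

def hosts_to_triage(events, window=timedelta(hours=1), min_tactics=2):
    """Hosts showing >= min_tactics distinct tactics inside one time window."""
    hits = defaultdict(list)
    for ts, host, image, cmd in events:
        label = classify(image, cmd)
        if label:
            hits[host].append((datetime.fromisoformat(ts), label))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            labels = {l for t, l in seen[i:] if t - start <= window}
            if len(labels) >= min_tactics:
                flagged[host] = sorted(labels)
                break
    return flagged

# Constructed sample events: (timestamp, host, image path, command line)
SAMPLE = [
    ("2024-01-01T09:00:00", "srv-a", r"C:\Users\Public\ipscan.exe", "ipscan.exe"),
    ("2024-01-01T09:20:00", "srv-a", r"C:\Windows\System32\netsh.exe", "netsh advfirewall set allprofiles state off"),
    ("2024-01-01T10:00:00", "wks-b", r"C:\Tools\ProcessHacker.exe", "ProcessHacker.exe"),
    ("2024-01-01T11:00:00", "wks-c", r"C:\Windows\System32\netsh.exe", "netsh advfirewall show allprofiles"),
]
```

Requiring two distinct tactics on one host keeps a lone administrator running Process Hacker from raising an alert while still surfacing the scan-then-disable-firewall sequence.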
Consequences of Successful Attacks
A successful ransomware attack by the Phobos group can result in:
- System compromise
- Ransom payment
- Data encryption or system lockout
- Data loss and exfiltration
- Financial losses
- Denial of Service (DoS)
- Fraudulent activity using compromised systems
Response and Recommendations
ngCERT, while not naming already affected organizations, stated it is actively collaborating with vulnerable and affected organizations to resolve incidents and prevent further escalation. The body has issued an advisory titled “Escalation of Ransomware Attack in Nigeria,” recommending that organizations:
- Implement proactive mitigation strategies to prevent the spread of malware.
- Strengthen their cybersecurity measures to protect against phishing and IP scanning attacks.
- Regularly update and patch their systems to close vulnerabilities.
- Train employees on recognizing and avoiding phishing attempts.
- Back up critical data regularly and securely.
Conclusion
The increase in ransomware attacks by the Phobos ransomware group highlights the growing cyber threat landscape in Nigeria. Organizations, especially those in critical sectors, must take proactive measures to strengthen their cybersecurity posture to protect against such attacks.