The Nigerian Computer Emergency Response Team (ngCERT) has issued an urgent warning regarding a significant increase in ransomware attacks targeting the nation’s critical cloud service providers. The primary perpetrator of these attacks is the Phobos ransomware group, a sophisticated cybercriminal organization known for its ransomware-as-a-service (RaaS) model.
Phobos operates by infiltrating vulnerable networks through phishing campaigns or exploiting weaknesses in Remote Desktop Protocol (RDP) ports. Once inside, the attackers deploy their ransomware payload, encrypting valuable data and demanding ransom payments for its release. This malicious activity poses a grave threat to various sectors, including government agencies, financial institutions, telecommunication companies, educational institutions, healthcare providers, and non-governmental organizations (NGOs).
ngCERT has observed a concerning rise in the use of Phobos ransomware, whose ransomware-as-a-service model allows even less technically skilled attackers to launch sophisticated cyberattacks. This accessibility has led to a surge in ransomware incidents, causing significant disruptions and financial losses for affected organisations.
The agency is actively collaborating with vulnerable and affected entities to mitigate the impact of these attacks and prevent further escalation. ngCERT is also working to raise awareness about the threat posed by Phobos and other ransomware groups, urging organizations to implement robust security measures to protect their systems and data.
In light of this escalating threat, ngCERT recommends that organisations take immediate action to secure their RDP ports, patch known vulnerabilities, implement endpoint detection and response (EDR) solutions, and disable unnecessary command-line and scripting activities. It also advises network segmentation to control traffic and restrict lateral movement, as well as regular reviews of domain controllers and workstations for unauthorised accounts.
The rise of ransomware attacks in Nigeria underscores the urgent need for heightened cybersecurity measures across all sectors. By proactively addressing vulnerabilities and implementing robust security practices, organizations can better protect themselves from the devastating impact of ransomware and safeguard the nation’s critical infrastructure.