Nigeria’s national cybersecurity team, ngCERT, is actively engaged in managing and mitigating a series of ransomware attacks targeting local cloud service providers, including at least one confirmed incident involving Phobos ransomware.
In a statement released on Monday, ngCERT reported a surge in ransomware attacks, particularly those leveraging Phobos, a ransomware-as-a-service operation. In a ransomware attack, cybercriminals infiltrate a company’s network, encrypt sensitive data, and then demand payment to restore access.
An individual from a government agency, who has intimate knowledge of the situation but requested anonymity due to lack of authorization to speak publicly, confirmed that a Nigerian cloud service provider has fallen victim to a Phobos ransomware attack. The specifics of the company involved and the timeline of the attack were not disclosed.
The modus operandi of Phobos attackers typically involves the use of phishing techniques or the exploitation of vulnerable Remote Desktop Protocol (RDP) ports identified through IP scanning tools. Successful attacks can result in severe consequences, including system breaches, ransom demands, loss of data, financial damage, and other fraudulent activities, as outlined by ngCERT.
For cloud service providers in Nigeria, the uptick in ransomware incidents poses a significant threat to their business model. These providers have been marketing themselves as cost-effective and reliable alternatives to major international cloud platforms like AWS and Microsoft Azure, especially as startups seek ways to cut down on cloud expenses.
Additionally, some Nigerian cloud service providers have been advocating for government endorsement, aiming to become the go-to hosts for sensitive state-held data. The recent ransomware attacks, however, could undermine their efforts to establish trust and security in their services.