NITDA alerts Nigerians to extortion plot against computer users
The National Information Technology Development Agency (NITDA) has alerted Nigerians to a new wave of ransomware meant to extort computer users in the country.
NITDA, the Federal Government’s agency in charge of technology development in the country, advises Nigerians to be wary of IGVM, a file-encrypting ransomware infection that restricts access to data (documents, images, videos).
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Essentially, it attempts to extort victims by requesting “ransom” in the form of Bitcoin cryptocurrency in exchange for access to data.
In a statement by its Head, Corporate Affairs and External Relations, Mrs. Hadiza Umar, NITDA revealed that the crypto-virus spreads through web injectors, pirated software, spam emails, malicious software bundles, fake software updates, and deceiving online ads.
According to the agency, IGVM ransomware virus operates by checking peoples’ computer system for target file formats and encrypting them using a private RSA key.
“Once the virus locks the files, it then runs several commands via CMD to delete Volume Shadow Copies from your system. It equally prevents the victims from restoring their file copies for free, using Windows tools. Next, the virus modifies Windows Hosts file by adding a list of domains to it. These domains are mostly computer or IT-related websites. The attackers capitalise on this measure to prevent the victim from seeking help or information online,” NITDA explained.
To prevent falling victim, the agency urged the public to ensure there is a regular data backup and recovery plan for all critical information; use application whitelisting to help prevent malicious software and unapproved programmes from running and to keep the operating system and software up-to-date with the latest patches.
NITDA also urged Nigerians to maintain up-to-date anti-virus software, and scan all software downloaded from the Internet before installing. People should not follow unsolicited web links in emails; should not download or open suspicious email attachments, and do not open emails from suspicious recipients.
“We strongly advise against ransom payments. Cybersecurity experts do not recommend paying because the criminals might stop responding as soon as you transfer money to their virtual wallet address; the so-called decryption tool can be faulty or fail to work due to data modification on your end, and there is a need to avoid funding this illegal business model. The fact that ransomware operators collect millions in ransoms each year simply encourages people to join this cybercrime industry.”