How Phobos ransomware target Nigerians and businesses

• The Nigerian government has asked its citizens to be on alert over an increasing wave of ransomware attacks
• It disclosed that it has detected an increase in ransomware attacks by Phobos ransomware
• It asked organizations to secure remote desktop protocol (RDP) ports to prevent threat actors from abusing its tools

Legit.ng’s Pascal Oparada has reported on tech, energy, stocks, investment, and the economy for over a decade.

The Nigerian government has alerted its citizens to the increasing wave of ransomware attacks on businesses and individuals.

The Nigeria Computer and Emergency Response Team (ngCERT) disclosed this on its X handle.

Nigerians and businesses targeted in a new wave of Phobos ransomware attacks Credit: NurPhoto/Contributor
Source: Getty Images

New ransomware targets cloud services

The ngCERT team, which rated the attacks as high and critical, is Nigeria’s Internet police unit under the National Security Adviser (NSA) office. 

PAY ATTENTION: Share your outstanding story with our editors! Please reach us through info@corp.legit.ng!

It disclosed that it had detected increased ransomware attacks by Phobos ransomware, targeting critical cloud service providers within Nigeria’s cyberspace.

The team said it is partnering with vulnerable and affected organizations to resolve the incidents and prevent more attacks quickly.

List of top targets

The body listed the most at-risk entities, including tech and telecommunication providers.

Other areas include education, healthcare, service providers, and NGOs.

It asked organizations to secure remote desktop protocol (RDP) ports to prevent threat actors from abusing and leveraging its tools.

According to reports, the agency disclosed that Phobos attackers gain entry into weak networks via phishing campaigns to deliver hidden payloads or by employing IP scanning tools like angry IP scanners to identify vulnerable RDP ports.

Nigerian banks sack employees over fraud

Reports say the attackers also use RDP in Microsoft Windows environments, adding that they deploy spoofed email attachments containing payloads like smoke loaders to initiate injections.

The development comes amid an increasing wave of insider fraud in Nigerian banks.

Legit.ng reported that commercial banks in the country sacked 93 employees over fraud after a member of staff of one bank stole about N44 billion from customers’ accounts.

NCC warns Nigerians to remove 5 Google Chrome extensions

Legit.ng reported that the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified five malicious Google Chrome Extensions.

According to the commission, the extensions surreptitiously track online browser activities and steal users' data.

NCC announced this in a press release posted on its website and obtained by Legit.ng.

Source: Legit.ng