Emma Okonji The Nigerian Communications Commission (NCC) at the weekend alerted corporate organisations about a new malicious cyber threat named Yanluowang Ransomware, which could cause devastative damage on institutional record…
The commission therefore urged organisations to adopt stronger cybersecurity measures like ensuring their employees use strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it is supported to prevent ransomware attacks.
This warning was contained in an advisory NCC’s Director of Public Affairs, Mr. Reuben Muoka issued on Friday, advising organisations to ensure regular system backups.
According to NCC-Computer Security Incident Response Team (NCC-CSIRT) Ransomware is a malware designed to deny a user or organization access to files on their computer until they pay the attackers.
The advisory came after the threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.
In its advisory Friday, NCC said User education” is critical in thwarting this type of attacks or any similar attacks, including ensuring that employees are aware of the legitimate channels through which support personnel will contact users.”
With this measure, the commission observed that employees “can identify fraudulent attempts to obtain sensitive information. Organizations should ensure regular systems backup.”
Cisco had reported the security incident on its corporate network but said it did not identify any impact on its business although the threat actors had published a list of files from this security incident on the dark web on August 10.
NCC-CSIRT estimated potential damage from the incident to be critical while predicting that successful exploitation of the ransomware would result in ransomware deployment to compromise computer systems, sensitive products and customers’ data theft and exposure, as well as huge financial loss to organizations by incurring significant indirect costs and could also mar their reputations.
The team said: “The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it’s supported.”
“In response to the attack, Cisco has immediately implemented a company-wide password reset. Users of Cisco products should ensure a successful password reset.”
As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets.