How BadUSB Works. Photo: ProDaft

NCC alerts consumers to ‘BadUSB’ ransomware attacking organisations’ networks

*BadUSB exploits the USB standard’s versatility, and allows a cybercriminal to reprogramme a USB drive to emulate a keyboard to create keystrokes and commands on a computer

Gbenga Kayode | ConsumerConnect

The Nigerian Communications Commission has alerted members of the Nigerian public that a cybercrime group has perfected a New Year scheme to deliver ransomware attacks named ‘BadUSB’ to targeted organisational networks.

The country’s telecoms regulatory Commission said that the new ransomware uncovered by security experts has been categorised as high-risk and critical, according to the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released over the weekend.

Dr. Ikechukwu Adinde, Director of Public Affairs at NCC, in a statement issued Saturday, January 15, 2022, said the ngCERT advisory also noted that the criminal group may have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their Personal Computers (PCs), and install the ransomware on their networks in the process.

How BadUSB works

“While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals,” the NCC said.

On how the cybercriminal group runs the ransomware, the ngCERT advisory says the USB drives contain so-called ‘BadUSB’ attacks.

The Commission further stated: “The BadUSB exploits the USB standard’s versatility and allows an attacker to reprogramme a USB drive to emulate a keyboard to create keystrokes and commands on a computer.

“It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.”

It is also noted that several attack tools are installed in the process that allow for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware.

“The tools were used to deploy multiple ransomware strains, including BlackMatter and REvil,” the statement said.

According to ngCERT, the attack has been seen in the United States (US) where the USB drives were sent in the mail through the Postal Service and Parcel Service.

“One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning.

“Other malicious USBs were sent in the post with a gift card claiming to be from Amazon,” said the Commission.

ngCERT recommendations to protect networks from BadUSB attacks

In protecting individual and organisational networks, however, ngCERT has offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyberattack, and get protected from the ransomware.

These recommendations include a call on individuals and organisations not to insert USB drives from unknown sources, even if they are addressed to you or your organisation, NCC said.

Besides, the Commission noted that if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive in order to ward off BadUSB ransomware attacks.

ngCERT has advised Information and Communication Technology (ICT) as well as other Internet service consumers to report any incident of system compromises to ngCERT via, for technical assistance, the NCC stated.

ConsumerConnect reports a USB is able to connect to several devices, including cameras, keyboards, modems, webcams, wireless networking devices, and others.

However, BadUSB, as an attack exploiting an inherent vulnerability in USB firmware, was first discovered and exposed by security researchers Karsten Nohl and Jakob Lell at the 2014 Black Hat conference.

The BadUSB code is currently available to the public via the code-sharing site, GitHub, meaning that anyone, even those with little or no tech expertise, can launch a full-blown BadUSB attack against individual or organisational networks.

Accordingly, this exposes such networks to a whole range of security attacks, such as logic bombs, data theft, ransomware, and more, according to cybersecurity experts.
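For defenders, the keyboard emulation described above can be checked for on a workstation. The following is an added example, not part of the ngCERT advisory or the original report: it reads device listings in the style of `lsusb -v` and flags any device that exposes a keyboard interface without being on an approved list, with a stronger finding when the same device also presents as storage. The sample listing, the vendor and product IDs, and the `APPROVED_KEYBOARDS` inventory are constructed assumptions.

```python
import re

# Constructed sample in the style of `lsusb -v` output (trimmed); all IDs are made up.
SAMPLE = """\
Bus 001 Device 002: ID 1111:0001 Example Corp Desk Keyboard
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 004: ID 2222:0002 Example Corp Flash Drive
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
Bus 001 Device 007: ID 3333:0003 Example Corp Flash Drive
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
"""

APPROVED_KEYBOARDS = {"1111:0001"}  # assumption: site inventory of issued keyboards
DEV = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$")
FIELD = re.compile(r"^\s+bInterface(Class|SubClass|Protocol)\s+(\d+)")

def parse(text):
    """Return {vid:pid: {"name": str, "ifaces": [(class, subclass, protocol)]}}."""
    devices, cur, triple = {}, None, []
    for line in text.splitlines():
        if m := DEV.match(line):
            cur = devices.setdefault(m[1], {"name": m[2], "ifaces": []})
            triple = []
        elif cur is not None and (m := FIELD.match(line)):
            triple.append(int(m[2]))  # fields arrive as class, subclass, protocol
            if len(triple) == 3:
                cur["ifaces"].append(tuple(triple))
                triple = []
    return devices

def findings(text, approved=APPROVED_KEYBOARDS):
    """Flag devices with a HID keyboard interface (class 3, protocol 1) not approved."""
    out = []
    for dev_id, d in parse(text).items():
        classes = {c for c, _, _ in d["ifaces"]}
        has_kbd = any(c == 3 and p == 1 for c, _, p in d["ifaces"])
        if has_kbd and dev_id not in approved:
            reason = "storage+keyboard" if 8 in classes else "unapproved keyboard"
            out.append((dev_id, reason))
    return out
```

A reprogrammed drive may present only as a keyboard, which is why the check relies on an approved-device list rather than on the storage-plus-keyboard combination alone.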