BusinessCrimeNewsSecurity

Ransomware Attack: NCC-CSIRT Calls For Stronger Security Measures As ‘Yanluowang’ Escalates

The Nigerian Communications Commission (NCC) has asked organizations in the country to adopt stronger cybersecurity measures to prevent the latest ‘Yanluowang’ ransomware attack.

The NCC Computer Security Incident Response Team (NCC-CSIRT) made the call in its August 2022 advisory after the Yanluowang ransomware attack on Cisco’s network through an employee’s stolen credentials.

In a statement NCC said the attackers gained access into Cisco’s system after they first hijacked the employee’s personal Google account containing credentials synced from their browser.

The NCC-CSIRT’s recommended preventive measures include; ensuring that organisations’ employees use strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it is supported to prevent ransomware attacks as well as advising organisations to ensure regular systems backup.

Ransomware is a malware designed to deny a user or organization access to files on their computer until they pay the attackers.

According to the statement, Cisco reported the security incident on its corporate network but said it did not identify any impact on its business although the threat actors had published a list of files from the security incident on the dark web on August 10.

The statement read in part; “NCC-CSIRT estimates potential damage from the incident to be critical while predicting that successful exploitation of the ransomware will result in ransomware deployment to compromise computer systems…

“Sensitive products and customers’ data theft and exposure, as well as huge financial loss to organizations by incurring significant indirect costs and could also mar their reputations.

“The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it’s supported.”

It further disclosed that “In response to the attack, Cisco has immediately implemented a company-wide password reset. Users of Cisco products should ensure a successful password reset.

“As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets. Clam AntiVirus Signatures (or ClamAV) is a multi-platform antimalware toolkit that can detect a wide range of malware and viruses.

“User education is critical in thwarting this type of attacks or any similar attacks, including ensuring that employees are aware of the legitimate channels through which support personnel will contact users, so that employees can identify fraudulent attempts to obtain sensitive information. Organisations should ensure regular systems backup,” the advisory urged.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risks incidents by preparing, protecting and securing the Nigerian cyberspace to forestall attacks, problems or related events.

Comment here