At least one local cloud service provider has been hit by a Phobos ransomware attack as ngCERT works to resolve the incident.
Nigeria’s Computer Emergency Response Team (ngCERT) is “working with vulnerable and affected organizations to swiftly resolve incidents and prevent further escalation” after it detected an increase in ransomware attacks on local cloud service providers.
According to ngCERT’s statement on Monday, there was a rise in the use of Phobos, a ransomware-as-a-service that hackers use to gain access to a company’s infrastructure and encrypt their information. Once that information is encrypted, the hackers then begin extorting the company.
At least one Nigerian cloud provider has been hit with the Phobos ransomware, said one person at a government agency with direct knowledge of the matter, declining to name the company.
Hackers took over the company’s infrastructure and encrypted their files, the same person said, declining to provide a timeline for the ransomware attack because he was not authorized to comment.
Phobos attackers gain entry into vulnerable networks through phishing emails or using IP scanning tools to identify susceptible Remote Desktop Protocol (RDP) ports. When successful, such attacks lead to system compromise, ransom payment, data loss, financial losses, and fraudulent activity, ngCERT said.
For Nigerian cloud providers, the increase in ransomware attacks is bad business. These companies have positioned themselves as cheaper and more reliable alternatives to AWS and Microsoft Azure as more startups consider reducing cloud costs. Some Nigerian cloud providers have also lobbied the government to become their preferred choice for hosting sensitive government data.
A local cloud service provider in Nigeria has fallen victim to a Phobos ransomware attack, prompting the nation’s Computer Emergency Response Team (ngCERT) to step in.
ngCERT is working with affected organizations to resolve the situation and prevent further escalation, following a noticeable uptick in ransomware attacks targeting local cloud providers.
On Monday, ngCERT reported an increase in the use of Phobos, a ransomware-as-a-service tool that allows hackers to infiltrate a company’s infrastructure and encrypt its data. The hackers then demand ransom in exchange for the decryption key.
A government agency insider, who preferred to remain anonymous, confirmed that at least one Nigerian cloud provider has been compromised by Phobos. The hackers managed to gain control of the company’s infrastructure and encrypt their data. However, the insider declined to provide further details or a timeline for the attack, as they were not authorized to speak on the matter.
Phobos ransomware typically breaches networks through phishing emails or by exploiting vulnerable Remote Desktop Protocol (RDP) ports using IP scanning tools. Such breaches can result in system compromises, ransom payments, data loss, financial losses, and fraudulent activities, according to ngCERT.
The surge in ransomware attacks spells trouble for Nigerian cloud providers, who market themselves as cost-effective and reliable alternatives to giants like AWS and Microsoft Azure. These providers have also been lobbying the government to choose them for hosting sensitive data.
Author
About The Author
