The National Information Technology Development Agency (NITDA) warned Nigerians to be wary of a new Ransomware called IGVM. The agency describes the malware attack as a file-encrypting Ransomware infection that restricts access to data (documents, images, videos) by encrypting files with the “igvm” extension.
According to the Agency, the attackers attempt to extort money from victims by requesting “ransom”, in the form of Bitcoin cryptocurrency in exchange for access to data.
“This crypto-virus spreads in different methods like web injectors, pirated software, spam emails, malicious software bundles, fake software updates, and deceiving online ads,” NITDA said.
The IT regulator added that the primary task of the IGVM ransomware virus is to check people’s computer systems for target file formats and encrypt them using a private RSA key. “Once virus locks the files, it then runs several commands via CMD.exe to delete Volume Shadow Copies from your system. It equally prevents the victims from restoring their file copies for free, using Windows tools.
“Next, the virus modifies Windows HOSTS file by adding a list of domains to it. These domains are mostly computer or IT-related websites, so the attackers capitalise on this measure to prevent the victim from seeking help or information online,” NITDA said.
To guard against the attack, NITDA advised Nigerian computer users to always back up their data and have a recovery plan for all critical information. “Use application whitelisting to help prevent malicious software and unapproved programs from running. Keep operating system and software up-to-date with the latest patches. Maintain up-to-date anti-virus software, and scan all software downloaded from the internet before installing,” the agency advised.
NITDA also advised computer users not to follow unsolicited web links in emails. “Do not download or open suspicious email attachments. Do not open emails from suspicious recipients. Furthermore, if paying up seems like the only reason to get your files back, we strongly advise against ransom payments,” NITDA advised.
NITDA noted that various cybersecurity experts do not recommend paying up due to many reasons, which include that “the criminals might stop responding as soon as money is transferred to their virtual wallet address; the so-called decryption tool can be faulty or fail to work due to data modification on your end; avoiding funding this illegal business model.”
It added that the fact that ransomware operators collect millions in ransoms each year encourages more people to join the cybercrime industry.