The National Information Technology Development Agency (NITDA) has cautioned Nigerians against IGVM, a file-encrypting ransomware infection that attempts to extort money from victims by requesting for ransom in the form of Bitcoin cryptocurrency in exchange for access to data.
Head, corporate affairs and external relations, NITDA, Mrs Hadiza Umar, who conveyed the public alert in a press statement made available to LEADERSHIP, said the crypto-virus spreads in different methods like web injectors, pirated software, spam emails, malicious software bundles, fake software updates, and deceiving online ads.
She explained that the primary task of IGVM ransomware virus was to check computer system for target file formats and encrypt them using a private RSA key.
“Once virus locks the files, it then runs several commands via CMD.exe to delete Volume Shadow Copies from your system and prevents the victims from restoring their file copies for free, using Windows tools,” she added.
She noted that the virus also modifies Windows Hosts file by adding a list of domains to it while adding that the domains are mostly computer or IT-related websites that the attackers capitalise on the measure to prevent the victim from seeking help or information online.
She urged Nigerians to ensure regular data backup and recovery plan for all critical information and use application whitelisting to help prevent malicious software and unapproved programs from running.
“Keep operating system and software up-to-date with the latest patches. Maintain up-to-date anti-virus software, scan all software downloaded from the internet before installing, do not follow unsolicited web links in emails, do not download or open suspicious email attachments and do not open emails from suspicious recipients,” she said.
She advised against ransom payment to get files back.
“Various cybersecurity experts do not recommend paying up due to the fact that criminals might stop responding as soon as money is transferred to their virtual wallet address and the so-called decryption tool can be faulty or fail to work due to data modification on your end.
“Avoiding funding this illegal business model. The fact that ransomware operators collect millions in ransoms each year simply encourages people to join this cybercrime industry,” she added.
