By John Ikani
The National Information Development Agency, NITDA has called for caution over a file-encrypting ransomware, IGVM, which restricts access to data.
The warning was contained in a statement signed by Mrs Hadiza Umar, Head, Corporate Affairs and External Relations of NITDA and made available to reporters in Abuja on Saturday.
How the virus works
According to the statement, the virus encrypts files with the “igvm” extension, limiting or completely blocking access to documents, images and videos.
NITDA explained that IGVM attempts to extort money from victims by requesting for “ransom”, in the form of Bitcoin cryptocurrency in exchange for access to the locked data.
The agency further explained that once virus locks the files, it then runs several commands via CMD.exe to delete Volume Shadow Copies from the system.
The virus can also stop the victims from restoring their file copies for free, using Windows tools and can also modify Windows HOSTS file by adding a list of domains to it.
How the virus spreads
The agency said the crypto-virus could spread in the form of web injectors, pirated software, spam emails, malicious software bundles, fake software updates, and deceptive online advertisements.
Panacea
NITDA urged Nigerians to ensure regular data backup and recovery plan for all critical information.
“Use application whitelisting to help prevent malicious software and unapproved programme from running.
“Keep operating system and software up-to-date with the latest patches.
“Maintain up-to-date anti-virus software, and scan all software downloaded from the internet before installing.
“Do not follow unsolicited web links in emails and do not download or open suspicious email attachments,” she advised.
“The so-called decryption tool can be faulty or fail to work due to data modification on your end.
“It is a way of funding an illegal business model, hence citizens should avoid it.
“The fact that ransomware operators collect millions in ransoms each year simply encourages people to join this cybercrime industry,” she said.
The agency further urged Nigerians to report related incidents by contacting NITDA Computer Emergency Readiness and Response Team via the email support@cerrt.ng or telephone +2348178774580.