Nigerian cloud provider affected in Phobos ransomware attack

At least one local cloud service provider has been hit by a Phobos ransomware attack as ngCERT works to resolve the incident.

Nigeria’s Computer Emergency Response Team (ngCERT) is “working with vulnerable and affected organizations to swiftly resolve incidents and prevent further escalation” after it detected an increase in ransomware attacks on local cloud service providers.

According to ngCERT’s statement on Monday, there was a rise in the use of Phobos, a ransomware-as-a-service that hackers use to gain access to a company’s infrastructure and encrypt their information. Once that information is encrypted, the hackers then begin extorting the company.

At least one Nigerian cloud provider has been hit with the Phobos ransomware, said one person at a government agency with direct knowledge of the matter, declining to name the company. 

Hackers took over the company’s infrastructure and encrypted their files, the same person said, declining to provide a timeline for the ransomware attack because he was not authorised to comment. 

Phobos attackers gain entry into vulnerable networks through phishing emails or using IP scanning tools to identify susceptible Remote Desktop Protocol (RDP) ports. When successful, such attacks lead to system compromise, ransom payment, data loss, financial losses, and fraudulent activity, ngCERT said.

For Nigerian cloud providers, the increase in ransomware attacks is bad business. These companies have positioned themselves as cheaper and more reliable alternatives to AWS and Microsoft Azure as more startups consider reducing cloud costs. Some Nigerian cloud providers have also lobbied the government to become their preferred choice for hosting sensitive government data.

*This is a developing story

Get the best African tech newsletters in your inbox