The National Information Technology Development Agency (NITDA) has alerted Nigerians to be wary of a file-encrypting Ransomware infection that restricts access to data (documents, images, videos) by encrypting files with the “igvm” extension.
It attempts to extort money from victims by requesting for “ransom”, in the form of Bitcoin cryptocurrency in exchange for access to data, the agency said in a statement yesterday.
“This crypto-virus spreads in different methods like web injectors, pirated software, spam emails, malicious software bundles, fake software updates, and deceiving online ads”, the statement signed by NITDA’s Head of Corporate Affairs and External Relations, Hadiza Umar, said.
It explained further: “The primary task of IGVM ransomware virus is to check your computer system for target file formats and encrypt them using a private RSA key. Once virus locks the files, it then runs several commands via CMD.exe to delete Volume Shadow Copies from your system. It equally prevents the victims from restoring their file copies for free, using Windows tools. Next, the virus modifies Windows HOSTS file by adding a list of domains to it. These domains are mostly computer or IT-relates websites, so the attackers capitalize on this measure to prevent the victim from seeking help or information online”.
