On Monday, companies across the globe woke up to find they were under attack. A virus known as “Wanna Cry” started infecting computers
before the weekend, but many did not find out until they started trying to open files with the start of the work week. So far, more than 200,000 systems have been infected in over 150 countries around the world.
It is in this light that the Nigerian Communications Commission (NCC) in fulfilment of its statutory mandate to assure the security and integrity of the national telecommunications network wishes to alert all operators and their respective subscribers of the recent outbreak of a Ransomware Virus known as “WannaCry”.
The commission noted that the Ransomware is capable of infecting and encrypting all files on a system or any smart device until an amount is paid for a decryption key, or other means of retrieval (which may lead to data loss) are used to recover the system as an alternative. This situation demands that proactive measures be taken by all players in the telecommunication eco-system to forestall the hazards of critical data loss, financial losses and ultimately network/business disruption.
According to a statement issued, the commission therefore wishes to advise that the following protective measures be taken, amongst others:
- To obtain software patch released by Microsoft in March 2017 to fix the Ransomware Virus.
- To plan scheduled penetration tests on the networks and systems to ensure protection and availability at all times.
- Subscribers who use their smartphones as substitutes to computers for internet access should protect themselves and their devices by:
- Not opening e-mail attachments/links from unknown sources.
- Not clicking pop-ups and applets on unknown websites.
- Installing effective antivirus software for their mobile devices.
Furthermore, the NCC has taken the following proactive measures in fulfilling its statutory mandate:
The Commission also advised Mobile Network Operators (MNOs) to: Initiate regular assessment and audit of their cybersecurity readiness. All operators should continue to ensure that their backup/ disaster recovery strategies are in place and up to date, and also ensure continued deployment of effective firewalls, login passwords and antivirus management regime.
The Commission has further advised all operators to ensure continued deployment of effective firewalls, login passwords and antivirus management regime.
The Commission is working towards creating a link with the Cybersecurity Alert System on its website so that current information on global cyber threats/incidents could be immediately communicated to stakeholders. The Commission will continue to provide more cybersecurity training for its staff.