The Nigerian Communications Commission (NCC) in fulfilment of its statutory mandate to assure the security and integrity of the national telecommunications network wishes to alert all operators and their respective subscribers of the recent outbreak of a Ransomware Virus known as “WannaCry”.
The Ransomware is capable of infecting and encrypting all files on a system or any smart device until an amount is paid for a decryption key, or other means of retrieval (which may lead to data loss) are used to recover the system as an alternative.
This situation demands that proactive measures be taken by all players in the telecommunication eco-system to forestall the hazards of critical data loss, financial losses and ultimately network/business disruption.
The NCC, therefore, wishes to advise that the following protective measures be taken, amongst others:
- To obtain software patch released by Microsoft in March 2017 to fix the Ransomware Virus.
- To plan scheduled penetration tests on the networks and systems to ensure protection and availability at all times.
- Subscribers who use their smartphones as substitutes to computers for internet access should protect themselves and their devices by:
- Not opening e-mail attachments/links from unknown sources.
- Not clicking pop-ups and applets on unknown websites.
- Installing effective antivirus software for their mobile devices.
Furthermore, the NCC has taken the following proactive measures in fulfilling its statutory mandate:
- The Commission has advised Mobile Network Operators (MNOs) to initiate regular assessment and audit of their cybersecurity readiness. All operators should continue to ensure that their backup/ disaster recovery strategies are in place and up to date.
- The Commission has further advised all operators to ensure continued deployment of effective firewalls, login passwords and antivirus management regime.
- The Commission is working towards creating a link with the Cybersecurity Alert System on its website so that current information on global cyber threats/incidents could be immediately communicated to stakeholders.
- The Commission will continue to provide more cybersecurity training for its staff.