Ransomware attacks targeting Vietnamese organizations appear

In recent days, through the ransomware attacks on the systems of two large enterprises, VNDIRECT and PVOIL, many agencies, organizations and enterprises in Vietnam have seen more clearly the level of danger of this cyber attack method. However, many domestic organizations and enterprises do not know where to start and what solutions they need to equip to protect their systems and data from ransomware attacks, a threat that exists for all organizations and is constantly increasing in sophistication and complexity.

According to the Department of Information Security (Ministry of Information and Communications), currently many information systems of agencies, organizations and enterprises in Vietnam are being targeted by hacker groups, especially ransomware attack groups.

In the first 3 months of this year, through analyzing more than 150 million warnings about security risks in Vietnam's cyberspace recorded from technical systems, the Department of Information Security identified more than 300,000 cyber attack risks targeting information systems nationwide.

Also in the first quarter of 2024, through the system of the National Cyberspace Monitoring Center - NCSC, the Department of Information Security recorded more than 13,000 information security events related to ransomware on information systems.

Informing VietNamNet on the morning of April 6, the Department of Information Security said that through monitoring and supervising cyber attacks in recent times, the agency has noticed that ransomware attack campaigns are emerging against agencies, organizations, and businesses in Vietnam, especially those operating in important fields such as finance, banking, energy, telecommunications, etc., causing property damage, reputation damage, and business disruption for units experiencing incidents caused by ransomware.

Analysis by experts from the Department of Information Security shows that ransomware attacks today often start from a security weakness of an agency or organization. Attackers penetrate the system from that weakness, maintain presence, expand the scope of intrusion and control the organization's IT infrastructure.

In particular, instead of attacking terminal users or individual systems, encrypting data on a few server clusters as before, ransomware attack groups now, after infiltrating and lying dormant in the system, will launch an attack, paralyzing the entire system and encrypting all data of the victim organization, with the goal of blackmailing the organization that wants to retrieve the encrypted data.

In addition to increasingly professional ransomware attacks, experts also believe that the reason why many hacker groups have recently launched ransomware attacks on systems in Vietnam is because many Vietnamese organizations and businesses have not fully ensured information security for their systems.

Nine Basic Measures to Prevent Ransomware Attacks

In the face of the recent wave of ransomware attacks targeting the systems of agencies and organizations in Vietnam, in parallel with supporting the attacked units, the Department of Information Security has also continuously issued warnings and requests to strengthen measures to protect information systems, especially important systems that store and process a lot of user data.

Specifically, immediately after VNDIRECT was attacked, the Information Security Department instructed securities companies on the tasks that need to be focused on to ensure information security for information systems, especially customer account management systems, serving online securities transactions.

Then, on March 30, realizing the increasing trend of ransomware attacks on domestic organizations, the Department of Information Security warned and instructed agencies, organizations and businesses nationwide on what to do to protect their systems from this particularly dangerous form of cyber attack.

To make it easier for agencies, organizations and businesses to deploy solutions to prevent ransomware attacks, after more than 3 days of urgent development, on April 6, the Department of Information Security launched the 'Handbook on preventing and minimizing risks from ransomware attacks'. This is a useful document to help units proactively prevent and protect information systems from potential cyber attacks. Organizations and businesses can download this handbook on the NCSC's Khonggianmang.vn portal.

In addition to some instructions on how to restore the system after detecting a ransomware attack, the handbook also provides specific instructions on 9 measures to prevent and minimize risks from ransomware attacks for agencies, organizations and businesses, aiming at the common goal of ensuring national cyber security.

Of the 9 measures to prevent and minimize risks from ransomware attacks recommended in the handbook, the first measure is to develop a plan to backup and restore data for important systems and information.

Experts note that the goal of ransomware attacks is to prevent data from being recovered after it has been encrypted. As a result, attackers often find and collect credentials stored in the system, using those credentials to access backup and recovery solutions; and then delete or encrypt backups.

“We recommend performing “offline” backups, not leaving backups in an environment connected to the network infrastructure. Perform regular backups and ensure that the data in the backups is complete, thereby limiting and minimizing the impact of data loss (when encrypted) and speeding up the recovery process when an incident occurs,” the expert from the Department of Information Security suggested.

The Department of Information Security hopes to receive active cooperation and cooperation from media agencies and the press to disseminate content on preventing and minimizing risks from ransomware attacks to all subjects participating in online activities, thereby contributing to improving the capacity to proactively respond and detect early risks of cyber attacks of organizations and businesses in Vietnam.

'Paths' hackers use to penetrate systems to attack and encrypt data Being attacked by ransomware like the situation VNDIRECT encountered is a concern for many businesses and organizations. Knowing the "paths" hackers often use to penetrate systems will help units defend against this risk.