Faced with the increasing number of ransomware attacks in Vietnam, on April 6, the Department of Information Security (Ministry of Information and Communications) published a "Handbook on preventing and minimizing risks from ransomware attacks".

According to the Department of Information Security, in the first quarter of 2024, the agency's experts identified more than 300,000 cyber-attack risks targeting information systems nationwide. The National Cyber ​​Security Center (NCSC) recorded more than 13,000 information security events related to ransomware on information systems, causing certain impacts.

A representative of the Department of Information Security said that there are ransomware attacks targeting agencies, organizations and businesses in Vietnam, causing property damage, affecting the reputation and disrupting business operations of affected units.

Ransomware attacks often start from a security weakness of an agency or organization. The attacker penetrates the system, maintains presence, expands the scope of intrusion, and controls the organization's information technology infrastructure, paralyzes the system, and forces the victim organization to perform the extortion that the attacker is aiming for.

Faced with this situation, the Department of Information Security has developed a handbook on a number of measures to prevent and minimize risks from ransomware attacks for agencies, organizations, and businesses, aiming to ensure national cyber security.

The handbook on preventing and minimizing risks from ransomware attacks will be a useful document to help agencies, organizations and businesses proactively prevent and protect their important information systems from potential cyber attacks.

Agencies, units, organizations and businesses can download this handbook on NCSC's Khonggianmang.vn portal.

In addition to some instructions on how to restore the system after detecting a ransomware attack, the handbook also provides specific instructions on 9 measures to prevent and minimize risks from ransomware attacks for agencies, organizations and businesses, aiming at the common goal of ensuring national cyber security.

Among the 9 measures to prevent, combat and minimize risks from ransomware attacks recommended in the handbook, the first measure is to develop a plan to backup and restore data for important systems and information.

Experts note that the goal of ransomware attacks is to prevent data from being recovered after it has been encrypted. As such, attackers often find and collect credentials stored in the system, using those credentials to access backup and recovery solutions; thereby deleting or encrypting backups.

The representative of the Information Security Department recommends that agencies, units and enterprises should perform offline backups, not leaving backups in an environment connected to the network infrastructure. Perform regular backups and ensure that the data of the backups is complete, thereby limiting and minimizing the impact of data loss (when encrypted) and speeding up the recovery process when an incident occurs.