Ransomware attacks continue to increase sharply In the first months of this year, Vietnam's cyberspace has recorded a number of cyberattacks, especially ransomware attacks. These incidents have not only disrupted operations and caused material and image damage to agencies, organizations and businesses that were attacked; but also affected the activities of ensuring national cyberspace security. Also in the past 10 months, the Department of Information Security (Ministry of Information and Communications) has repeatedly warned domestic agencies, organizations and businesses about the increasing trend of ransomware attacks. Speaking at the recent opening event of the DF Cyber ​​Defense 2024 exercise, Acting Director of the Department of Information Technology - State Bank of Vietnam Le Hoang Chinh Quang reminded the information security staff of nearly 50 banks and financial institutions about the recent serious ransomware attacks on organizations and businesses in Vietnam; There is even an organization in the financial sector that is a victim of a ransomware attack.

Information security officers from 46 banks and financial institutions practiced defense and response to possible attacks in Vietnam's cyberspace at the DF Cyber ​​Defense 2024 exercise. Photo: Van Anh

In a new study on the risk of information security loss in Vietnam in the third quarter of 2024, Viettel Cyber ​​Security said that ransomware and information-stealing malware - stealer are strong malware lines, often used in attacks on domestic systems. Compared to the first two quarters of 2024, ransomware attacks in the third quarter were found to have signs of decreasing in number, but the level of impact was still very large when large companies and organizations became the most targeted. Hacker groups often take advantage of many methods to spread ransomware, including phishing emails, creating fake websites and using security holes to infiltrate the system. A main target of ransomware is vulnerable servers, where there is a lot of important data and a great opportunity to demand ransom. In particular, many risks of ransomware attacks encrypting data and virtualizing infrastructure of businesses and organizations in Vietnam were recorded in the third quarter. The attackers escalated their attacks, infiltrated deep into the system, and performed encryption using the following methods: Taking advantage of vulnerabilities in public applications in the organization such as email, website, etc.; stealing login accounts for important systems of the organization; unsecured data backup and partition policies, etc. Along with that, in the third quarter, experts have issued many warnings about different types of stealer malware targeting ASEAN and Vietnam; new types of stealers spread through malware packages on Github. 5 ransomware and stealer groups operating strongly in Vietnam Notably, the new report from Viettel Cyber ​​Security also pointed out the ransomware and stealer groups operating strongly in Vietnam in the third quarter of 2024, including 2 ransomware groups Lockbit, Blackcat and 3 stealer groups Atomic, Braodo and Golden Pickaxe. Both ransomware groups Lockbit and Blackcat operate under the 'Ransomware as a service' model; Lockbit mainly targets businesses and organizations, while Blackcat affects Windows users.

Ransomware Lockbit is one of five groups of data encryption and information theft malware that have been recorded to be active in Vietnam in the three months of July, August and September this year. Illustration photo: Internet

With 3 popular stealer groups, Atomic targets the MacOS operating system, is widely sold on Telegram as a service, and has the function of stealing cryptocurrency wallet credentials and passwords. Golden Pickaxe uses social engineering attacks to trick victims into providing access and personal information including facial videos, and from there steals money in the victim's bank account. As a malware that is spread by tricking users into downloading attachments containing malicious code such as BAT, HTA or MSI, Braodo steals the victim's account information on many popular browsers such as Chrome, Firefox, Opera... Experts recommend that agencies and organizations need to synchronously deploy many solutions to prevent and promptly respond to attacks, including attacks using ransomware and stealer malware. In particular, proactively searching for potential threats and risks and regularly monitoring 24/7 to detect and respond early to attacks are two measures that receive special attention.

Vietnamnet.vn

Source: https://vietnamnet.vn/5-nhom-ma-doc-ma-hoa-du-lieu-danh-cap-thong-tin-hoat-dong-manh-tai-viet-nam-2338020.html