'Nightmare' for both small and medium enterprises
Ransomware attacks are not new but are becoming increasingly popular, a common problem for many businesses and organizations globally and in Vietnam.
Ransomware attacks today often start from a security weakness of an agency or organization; the attacker penetrates the system, maintains presence, expands the scope of intrusion, controls the organization's information technology infrastructure, paralyzes the system, and forces the victim organizations to perform the extortion that the attacker is aiming for.
According to experts, the danger of ransomware attacks lies in the fact that attack groups encrypt data of units using all kinds of high-level, complex encryption algorithms. In the newly released e-book on ransomware attacks, experts from Vietnam Cyber Security Joint Stock Company (VSEC) said that according to Statista, in 2023, more than 72% of businesses worldwide were affected by ransomware attacks, an increase compared to 2022 and the highest number reported to date.
In fact, the situation of cyber attacks on information systems in Vietnam in the first months of this year has shown a strong increase in the trend of targeted cyber attacks, using data encryption attacks. According to preliminary statistics, there have been at least 4 successful ransomware attacks on large enterprises in Vietnam in the fields of securities, energy, telecommunications, and logistics.
Experts say that the recent ransomware attacks on business systems in Vietnam continue to be a 'wake-up call' for many domestic organizations and businesses about ensuring safety and network security for their information systems. However, there are still business leaders, especially small and medium-sized enterprises in Vietnam, who are still subjective, thinking that ransomware attack groups mainly target large businesses and organizations with a lot of data and large financial potential.
However, recent observations by VSEC in the process of supporting domestic enterprises have shown that ransomware attacks are a 'nightmare' not only for large companies and corporations; small and medium-sized enterprises also need to prepare plans to respond to and prevent this type of cyber attack.
Sharing with VietNamNet reporters, VSEC experts said that recently this network information security enterprise has received requests for support in reviewing systems due to ransomware attacks, coming from small and medium-sized enterprises.
Citing a specific case, the VSEC expert recounted that in mid-June, a company with more than 100 employees in Hanoi was attacked by ransomware. Hackers encrypted all of the company's data and paralyzed the internal communication system.
To restore the data and system, the hacker demanded a ransom of 20 million VND, after negotiation the final figure was 10 million VND. The company paid the ransom and had the data returned, then contacted a specialist unit for support in checking for system vulnerabilities.
Why are ransomware attacks expanding to small businesses?
Analyzing the reasons for the recent increase in ransomware attacks targeting small and medium-sized enterprises in Vietnam, VSEC experts said: Small and medium-sized enterprises are the group of subjects that own weak systems, are easy to exploit and are also easily compromised with 'moderate' data ransoms.
“Although attacks on large enterprises can bring in higher ransoms, the complex processes and defense systems will require hackers to spend a lot of effort. Not to mention that after a successful attack, large enterprises can back up data and immediately search for incident response units to check for vulnerabilities, making all the hackers' efforts to 'dig' in vain,” the VSEC expert analyzed.
VSEC representative also said: When trading between quickly restoring the system to maintain work efficiency and a 'moderate' fee, it is understandable that small and medium-sized enterprises choose to pay hackers. However, businesses also need to understand that there is no guarantee that when choosing to pay the ransom to hackers, the unit can get it back, without data leakage or loss.
In addition, units also need to note that after finding ways to restore and retrieve data after a ransomware attack, if the vulnerability is not fixed and the system is not upgraded, hackers will continue to exploit and blackmail them.
From the fact that small and medium-sized enterprises are also facing the existential threat of ransomware attacks, information security experts emphasize that not only large enterprises, but also small and medium-sized enterprises, need to equip themselves with a solid defense system and periodically review and evaluate the information security of the system to promptly detect and handle risks before they become incidents.
Currently, units operating in the field of network information security in Vietnam have offered many solutions with costs suitable for small and medium enterprises.
"Investing in information security is no longer as expensive as it was in the beginning. Currently, there are many information security solutions with low costs but high efficiency, suitable for businesses with a small technology investment budget," said a representative of VSEC Company.
In addition, agencies, organizations and businesses also need to equip themselves with basic and necessary knowledge and skills on ensuring network information security and preventing cyber attacks, including ransomware attacks.
In the first months of this year, the Department of Information Security has successively launched the 'Handbook on compliance with legal regulations and enhancing information system security by level (Version 1.0)' and the 'Handbook on preventing and minimizing risks from Ransomware attacks'.
Businesses can refer to these documents to proactively prevent and protect their systems from potential cyber attacks.
Source: https://vietnamnet.vn/khong-chi-cong-ty-lon-doanh-nghiep-vua-va-nho-cung-la-muc-tieu-cua-ransomware-2294151.html
Comment (0)