International cybersecurity agencies have issued warnings about the activities of the Medusa cybercrime group, which specializes in cyberattacks that use data-encrypting malware (ransomware) to extort money. The group's victims are agencies, organizations, businesses, hospitals and schools.
The group conducts sophisticated cyberattacks: it exploits vulnerabilities to penetrate networks or computers, encrypts data and holds victims to ransom. The ransom can reach millions of US dollars. The group's list of more than 400 victims includes Toyota Financial Services, a subsidiary of the Toyota Group, which was attacked with ransomware and faced a ransom demand in November 2023.

Security researchers at Kaspersky discovered the activities of the Medusa ransomware in 2023. Kaspersky's recommendations for businesses include: check and secure remote control services (Remote Desktop), regularly check and apply patches for the Virtual Private Network (VPN) services that give employees access to the corporate network, update software on devices to the latest versions, back up important data... and strengthen security with solutions such as Kaspersky Endpoint Detection and Response to detect attacks early.

For individual users, the cybersecurity agency recommends strengthening protection for Gmail and Outlook accounts as well as VPN services in use, along with measures such as backing up data in multiple copies in separate and secure locations, updating the Windows operating system and software in use, and using security monitoring and tracking tools for devices and networks to detect intrusions.
Microsoft has also warned that millions of Windows computers are the target of a cyberattack in which they are infected with malware from pirated movie viewing sites. According to Microsoft, when users access pirated movie viewing websites, their computers can be redirected to download malware that cybercriminals store on GitHub, which they 'borrow' as a storage place.
The attack is fairly sophisticated and has four stages, with pieces of malware downloaded from multiple websites including Discord and Dropbox. Critical data is exfiltrated, including data stored in the Microsoft OneDrive cloud. The malware also probes whether the user’s computer contains financial information from cryptocurrency wallets such as Ledger Live, Trezor Suite, KeepKey, BCVault, OneKey, and BitBox.
According to Mr. Ngo Tran Vu, Director of NTS Security: "Most individual users and small businesses are still negligent in the face of digital threats. In particular, they often have the habit of accessing online movie viewing websites for entertainment right on their Windows computers containing a lot of important data. Business data, management account information... are only superficially or incompletely managed, causing these subjects to often suffer heavy damage and find it difficult to recover when incidents such as ransomware attacks occur."
Source: https://www.sggp.org.vn/nguoi-dung-may-tinh-windows-can-can-trong-voi-ma-doc-tong-tien-post787366.html