Ransomware attacks will continue to increase

Top attack targets are financial and securities institutions.

According to information provided by experts at the seminar "Preventing ransomware attacks" organized by Vietnam ICT Press Club in collaboration with the National Cyber ​​Security Association on April 5, since the beginning of 2023, there have been more than 13,750 cyber attacks on information systems in Vietnam causing incidents. In particular, in the first 3 months of this year alone, the number of cyber attacks on information systems in Vietnam was 2,323.

Notably, in recent times, many Vietnamese enterprises such as VNDirect, PVOIL... have been attacked with data encryption. When this incident occurred, the functional forces on network safety and security, mainly A05 (Ministry of Public Security) and the Department of Information Security (Ministry of Information and Communications), have been and are actively supporting these enterprises with experts to overcome and handle the incidents.

The fact that Vietnamese organizations and businesses have been continuously facing ransomware attacks recently is causing many agencies and units to worry about whether there is a ransomware attack campaign targeting domestic information systems.

Experts and speakers participating in the discussion. Photo: Nguyen Quyet

Mr. Nguyen Viet Phu, Chairman of Vietnam ICT Press Club said: “Ransomware attacks are not a new form of cyber attack but have become quite popular in recent years. Ransomware attacks have now become a common problem for all businesses and organizations around the world, especially financial institutions, banks or units that manage and process a lot of user data. This problem poses a problem for businesses to strengthen security and protect the safety of information systems.”

The National Cyber ​​Security Association said that in response to this issue, the Department of Cyber ​​Security and High-Tech Crime Prevention (Ministry of Public Security) has proactively presided over and coordinated with the Department of Information Security (Ministry of Information and Communications) and relevant agencies to coordinate the investigation, instruct agencies and businesses to promptly fix the problem, soon bring information systems back to normal operation, and limit the consequences of damage to agencies and businesses. The results of the investigation and handling of data encryption attacks show that the methods and tricks of this criminal group are extremely sophisticated and dangerous, and the attack scenarios of the hacker group have many similarities.

However, according to Mr. Pham Thai Son - Deputy Director of the National Cyber ​​Security Monitoring Center (Ministry of Information and Communications), it is worrying that although cyber security agencies have repeatedly warned, the awareness of the role and importance of ensuring cyber security and safety of most information system owners is still limited. That leads to low response capacity and the ability to handle and fix incidents against cyber attacks.

Sharing the same view, Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber ​​Security Center, Department of Cyber ​​Security and High-Tech Crime Prevention, Ministry of Public Security, assessed that 24/7 information security monitoring work is generally not regularly carried out by organizations and businesses. Even large organizations and businesses are still negligent.

With important IT systems not being invested in synchronously, not being monitored and updated regularly, there are security holes..., becoming a weak point for hackers to attack.

Ransomware attacks will continue to increase

The National Cyber ​​Security Association predicts that in the coming time, hacker groups will increase cyber attacks using ransomware, targeting key agencies, economic, financial, and energy organizations, and continue to develop in a complex manner. It is not impossible that malware attacks have been deeply embedded in information systems.

Mr. Vu Ngoc Son - Technical Director of National Cyber ​​Security Technology Joint Stock Company (NCS) - Head of Technology Research Department of National Cyber ​​Security Association commented that the form of hacker attacks is relatively similar, all are local attacks for a period of time and then encrypt data for ransom. However, the attack techniques of the cases are not the same, so it is possible that these are attacks by different cyber crime groups. There is no evidence that this is an organized campaign. However, this possibility cannot be ruled out because the incidents occurred consecutively in a relatively short period of time.

Mr. Vu Ngoc Son - Technical Director of National Cyber ​​Security Technology Joint Stock Company. Photo: Nguyen Quyet

In response to this issue, the Department of Information Security has requested agencies, organizations and enterprises to focus on implementing a number of other tasks in the coming time, such as: reviewing and organizing the implementation of information security assurance at all levels; effectively, substantially, regularly and continuously implementing information security assurance work according to the 4-layer model; developing incident response plans for information systems under management; implementing periodic backup plans for systems and important data to promptly restore when data encryption attacks occur...

In addition, investing in security solutions requires synchronization and coordination between domestic and international agencies, organizations and businesses to improve quality and efficiency.

Duc Hiep