On March 7, Bkav's cybersecurity experts said that malware has made many more sophisticated improvements, both in terms of encryption scenarios and spreading methods, and is capable of bypassing conventional security solutions.

In the past 2 months, Bkav experts have continuously received requests for help from many businesses in Vietnam with the common situation that computers in the internal network were encrypted at the same time, and the data could not be saved.

Investigation and analysis results from many cases show that the culprit behind the data encryption is LockBit 3.0, also known as LockBit Black - a ransomware from a famous hacker gang, recently destroyed by the International Police Alliance.

LockBit Black has more sophisticated improvements than previous variants. They are specifically designed to target Windows Domain management servers in internal systems.

After infiltrating, the virus uses these servers to continue spreading into the entire system, disabling security solutions (disable anti-virus, firewall), copying and executing malicious code... In this way, the virus can encrypt all machines in the internal system at the same time without having to attack each machine as before.

To avoid being attacked by LockBit as well as other data encryption viruses, Bkav experts recommend that users and system administrators regularly back up important data; do not open internal service ports to the internet when not necessary; evaluate the security of services before opening them to the internet; and install strong enough anti-virus software for regular protection.