What is an effective solution to deal with ransomware attacks?

In the context of cyber attacks continuing to increase in complexity, especially ransomware attacks targeting businesses and organizations, protecting data according to the 3-2-1 standard rule (3-2-1 backup), along with measures to strengthen 24/7 monitoring and raise awareness of ensuring information security and network security are important solutions to effectively respond to hackers.

Fast system recovery with 3-2-1 backup

As a business that was attacked by ransomware on April 2, after just over a day, Vietnam Oil Corporation (PVOIL) quickly reissued electronic invoices through a service provider.

By April 12, PVOIL had put the entire information technology system, 4.0 applications and PVOIL's electronic invoice issuance system back into operation, serving PVOIL's production and business activities.

According to Mr. Tu, after only 3 hours of detecting the ransomware malware had entered the server, PVOIL disconnected the connection to prevent the spread of the malware and isolated the server. In addition, PVOIL immediately reported to the Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security; Department of Information Security - Ministry of Information and Communications, Vietnam Oil and Gas Group (PVN), partners and coordinated with companies specializing in network security protection to review the system, control the spread of malware, patch, plug vulnerabilities, remove malware, patch errors to restore from backup data.

By implementing data backup according to the 3-2-1 standard model, PVOIL has minimized the impact of the cyber attack as well as had backup data to restore data, rebuild the application system as well as the information technology system in the fastest time, serving business operations.

According to technology expert Nguyen Xuan Phong, backing up data according to the 3-2-1 standard is a simple but quite effective solution for both large and small businesses.

Specifically, large enterprises that have invested well in information technology infrastructure only need to be more vigilant and protect backups. For small businesses, with low security costs, the optimal way is to upload to Google Drive, Google Cloud or Microsoft, regularly back up data weekly, daily and protect administrative accounts.

Raising awareness of information security

Regarding the cause of recent ransomware attacks, Mr. Le Xuan Thuy, Director of the National Cyber ​​Security Center, Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security, said that many units have paid attention to investing in information technology infrastructure as well as having information security measures. However, the operation, especially network security monitoring, has not been done well, in the current context of constantly emerging new security holes and new malware strains, so the possibility of penetration can occur.

Sharing the same view, technology expert Nguyen Xuan Phong also said that he had handled two cyber attacks using data encryption at two different companies. The first case was attacked due to the carelessness of staff when leaving the password account too easy, allowing hackers to gain access to the computer and spread malware.

The second case of attack was through a vulnerability in Vietnam's accounting software, hackers used software to scan information, attack through this accounting software and encrypt data. However, thanks to timely detection and data backup according to the 3-2-1 standard, the team of technology experts was able to handle and restore the information technology system.

According to technology expert Nguyen Xuan Phong, in the era of 4.0 technology and the Internet of Things, the threat to network security comes from many directions. Currently, malware spreads from many sources, commonly via email and text messages. In addition, today many people rely too much on OTT tools such as Zalo, Viber or Telegram, "if not vigilant, they will inadvertently create conditions for cyber attacks, especially through Telegram, hackers spread malware to computers very quickly."

Expert Nguyen Xuan Phong warned that in addition to complying with security regulations and investing more in cybersecurity monitoring, it is very important to focus on internal training to raise awareness of data protection for all staff because in reality, most ransomware attacks are detected on the devices of ordinary employees, not from network administrators.

Regarding the company that has just restored its information technology system after the ransomware attack, Mr. Nguyen Tuan Tu said that PVOIL has plans to invest in additional equipment and software to improve its network security capabilities. In addition, PVOIL will hire a separate network security unit to monitor 24/7, promptly prevent and remove malware attacks as well as intrusions into PVOIL's firewall system. In addition, PVOIL will organize training to raise awareness of ensuring information security and network security for all officers and employees.

According to Mr. Le Xuan Thuy, Director of the National Cyber ​​Security Center, Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security, ransomware attacks will continue to increase in the coming time in Vietnam and around the world. To respond effectively, Vietnam is on the negotiation path to join the global initiative against ransomware with more than 50 other countries. With many policy pillars, Vietnam can effectively coordinate with the functional forces of other countries to attack the infrastructure of hacker groups.

Currently, the Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security also deploys 24/7 cyber security monitoring centers, collecting cyber security intelligence to support the community as well as organizations, government agencies and businesses to enhance the identification of signs as well as support units to respond to cyber attacks when they occur.

Mr. Le Xuan Thuy said that when discovering a cyber attack, units need to immediately notify the competent authority, the Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security, so that personnel can support, coordinate, collect evidence, investigate and trace cyber crimes if any. Units that are attacked by cyber attacks need to stay calm to have an appropriate response plan. In reality, many units are confused and many forces participate in the rescue but without tight organization and clear division of labor, they step on each other's toes, sometimes hindering the recovery process.

Faced with the complicated developments of cyber attacks, on April 7, Prime Minister Pham Minh Chinh signed Official Dispatch No. 33/CD-TTg requesting ministries, branches and localities to strengthen network information security. In this dispatch, the Prime Minister requested the implementation of a number of urgent tasks in the face of the situation of cyber attacks, especially ransomware attacks, which have increased sharply and may continue to develop complicatedly in the coming period, posing a risk of seriously affecting socio-economic development activities.