Bkav's virus monitoring system recorded that from December 2022 to the end of May this year, more than 77,000 computers in Vietnam had their data encrypted.
According to information from Bkav, in early May 2023, a large enterprise with a team of experienced administrators realized that its system had been attacked by ransomware, with more than 10 TB of data encrypted. The hackers demanded more than 4 billion VND in exchange for the decryption key. The problem was that this organization's system was not protected by sufficiently strong antivirus software.
Then, in mid-May 2023, another company was attacked, and its servers and personal computers were encrypted at midnight. The hackers demanded 9,000 USD in ransom for each encrypted computer. Bkav experts discovered that the system had been attacked by the Jianliang encryption virus, which had never appeared before.
Bkav's virus monitoring system also discovered that the data encryption malware "STOP/DJVU" or "FARGO3" specifically targets businesses and units using accounting data management software. According to statistics, a total of 261 servers were hacked from more than 6,000 different IP addresses.
One of the measures that units need to take note of to avoid data encryption attacks is to assess the security of services before opening them to the Internet.
Notably, in the 6 months from December 2022 to the end of May 2023, Bkav's Technical Support Center received hundreds of calls requesting help with ransomware. Bkav's virus monitoring system also recorded more than 77,000 computers in Vietnam with encrypted data.
Mr. Nguyen Tien Dat, General Director of Bkav's Malware Research Center, said that among hundreds of cases that contacted Bkav for help, more than 50% of organizations and individuals did not use anti-virus software or installed protection applications that were not strong enough.
In particular, some organizations hold a lot of important data but, to save money, use free antivirus software. "Free antivirus software is capable of handling common types of malware, only suitable for protecting data that is not too important because it does not have the ability to automatically detect and completely destroy data-encrypting viruses," Bkav experts analyzed.
Data-encrypting malware uses many methods to attack servers directly, such as exploiting web service vulnerabilities, brute-force password scanning on SQL services, and exploiting operating system vulnerabilities. Another way is to attack a personal computer and, from there, silently scan and penetrate deep into servers and other computers in the network...
“The consequences of data encryption incidents are often devastating, because data recovery is almost impossible. Even if the victim agrees to pay, there is no guarantee that they will get their data back from the hacker,” said Mr. Nguyen Tien Dat.
To avoid data encryption attacks, experts recommend that users and system administrators regularly back up important data; do not open internal service ports to the Internet when not necessary. At the same time, it is necessary to assess the security of services before opening them to the Internet and install strong enough anti-virus software for constant protection.
According to Vietnamnet