Take steps to prevent ransomware

There is no solution to prevent 100% of cyber attacks as well as fully recover from incidents. To enhance the security of information systems, strict and regular implementation of preventive measures to prevent attacks is a fundamental solution for units and organizations.

Ransomware is evolving

According to a report by Cybersecurity Ventures, the cost of cybercrime will reach $8 trillion by 2023 – or more than $250,000 per second. By 2025, the annual loss is expected to rise to $10.5 trillion.

In Vietnam, in 2023, the Vietnam Information Security Warning Portal recorded about 13,900 cyber attacks on agencies, organizations and businesses. Nearly 16,000 online fraud reports, causing losses of more than VND 390,000 billion (equivalent to 3.6% of GDP).

According to a report by security company Trend Micro, in the first 6 months of this year, ransomware attacks increased by 50% compared to 2023. The main target of the attack is to steal personal data and sensitive commercial data for extortion. This increases the cost and complexity of the incident, while posing a greater risk of reputational damage to organizations and businesses. Mr. Le Minh Nghia, Security Consultant, Trend Micro, noted that hackers have researched the use of artificial intelligence (AI) to automate and accelerate attacks, creating malware that is more effective than email phishing. Combined with the development of mobile devices connected to the internet (IoT) via 5G networks, the possibility of cyber attacks will increase in the future.

According to Mr. La Manh Cuong, General Director of OPSWAT Vietnam Software Company Limited, the main reason why Vietnamese enterprises become targets of cybercrime is because they have not fully prepared a cybersecurity defense system to protect critical network systems. At the same time, the use of unlicensed software, which is not updated regularly, and a lack of awareness of cybersecurity make enterprises vulnerable to attacks. To effectively protect the cybersecurity of enterprises, the business community needs to deploy a comprehensive security solution based on the "Zero Trust" philosophy - no one inside or outside the network is trusted unless their identity has been thoroughly checked.

According to statistics from the Vietnam Information Security Association (VNISA), in the first 6 months of 2024, a series of ransomware attacks targeted key businesses in Vietnam. These attacks paralyzed information systems, disrupted operations and business activities, and caused huge financial losses. Many businesses were forced to pay large ransoms to retrieve data and restore systems, losing the trust of customers and partners. The damage was not only economic but also had a long-term impact on the reputation and competitiveness of Vietnamese businesses in the international arena.

Vice President of the Vietnam Information Security Association Ngo Vi Dong commented: Ransomware is a threat to network security, causing heavy financial and reputational damage to businesses. Malware attacks have become a trend, forcing units and businesses to have strict defense solutions.

Comply with precautionary measures

Faced with the complicated situation of cyber attacks using malware, the Department of Information Security, Ministry of Information and Communications has instructed ministries, branches, localities and enterprises nationwide to deploy solutions to increase the effectiveness of ensuring information security and quickly restore operations after incidents.

Specifically, units need to periodically perform offline data backups, applying a data backup strategy according to the "3-2-1" principle. This principle ensures that each important data has at least 3 copies, storing copies on 2 different storage media and having 1 offline backup using tape, USB or portable hard drive... Offline backup data must be completely separate, not connected to the network, isolated to prevent and combat escalating attacks on the storage system.

Units deploy solutions to be ready to quickly restore information system operations when incidents occur, bringing information system operations back to normal within 24 hours or according to business requirements; Regularly organize the implementation of solutions, especially information security monitoring solutions, to prevent and promptly detect early risks of cyber attacks in all 3 stages (including: infiltrating the system; lying in wait and initiating the process of destroying the system).

Units need to review, fix and prevent basic errors that lead to information system insecurity; Strengthen monitoring and management of important accounts, system administrator accounts using 2-layer authentication solutions or privileged account management solutions to prevent and minimize damage in case attackers obtain the password of the administrator account. At the same time, separate and control access between network zones and convert and upgrade outdated applications, protocols, and connections that are no longer technically supported to the use of platforms and applications to minimize the risk of cyber attacks escalating into the information system through users' computers and terminals.

The Information Security Department noted that since the beginning of 2024, a number of cyber security incidents have occurred in Vietnam, especially ransomware attacks, causing damage and disrupting online services of agencies, organizations and businesses. Notably, the recovery and recovery from cyber security incidents by some units is still slow and confusing.

The main reason is due to not fully complying with and implementing regulations on ensuring network information security, typically not having an offline data backup, not having or having an inappropriate plan for quick recovery after an incident, allowing incidents to occur due to basic errors, not deploying anti-malware software on important servers, not monitoring information security... Therefore, units need to seriously implement key solutions according to the instructions of the Department of Information Security.