Ransomware attacks and countermeasures

Tran Thi Mai Hanh

(VOVWORLD) - Ransomware attacks using complex methods, such as vectors, to infect networks or devices of key agencies and economic, financial, and energy organizations will continue to increase in the future, according to a recent seminar organized by the Vietnam Information Technology Journalists Club and the National Cyber Security Association. Participants suggested preventive measures for organizations and businesses to counter such attacks.

Measures to prevent ransomware attacks are the topic of a discussion in Hanoi in April 2024. (Photo: dangcongsan.vn)

On March 24, securities company VNDirect’s entire system suffered a ransomware attack, resulting in the temporary shutdown of the trading platform for a week. The Post and Telecommunication Joint Stock Insurance Corporation reported a cyberattack on its system at nearly the same time as the attack on VNDirect’s system. Most recently, PetroVietnam Oil Corporation (PVOIL), IPA investment firm, IPAAM stock investment fund, and Homefood JSC also reported ransomware attacks which caused disruptions to their information systems.

YouTube channels with millions of followers, such as “Mixigaming” and “Quang Linh Vlogs”, were hacked and their administrators locked out. The hackers changed the admins’ avatars and cover photos and the channels’ names, and ran advertisements about cryptocurrency.

“When we supported organizations to resolve the problems, we found that they were initially very confused, which led to further consequences. When an incident occurred, they did not know where to start to handle it and did not report it immediately to the authorities, even though there are specialized governmental forces to assist them. Without a clear investigation and response plan, they hastily restored the system which also removed important traces of evidence,” said Le Xuan Thuy, Director of the National Cyber Security Center of the Ministry of Public Security.

Mr. Thuy said a relatively common mistake by many companies is not identifying the cause of the problem in order to thoroughly fix it. Instead, they hastily reset the system to resume operations. If the attack is organized, it is usually not targeted at one place and the victims just end up chasing after the hackers, Thuy added.

The National Cybersecurity Association said ransomware is not new. It regularly targets financial, technology, and media companies to cause prolonged operational disruptions. Cybersecurity agencies at the Ministry of Public Security and the Ministry of Information and Communications have been cooperating closely to investigate and help businesses address the problem.

Vu Ngoc Son, Technical Director of the Vietnam National Cyber Security Technology Corporation (Photo: dangcongsan.vn)

“To prevent data disruption, we traditionally invest 80% of our cybersecurity budget in prevention and only 15% in monitoring and 5% on response. This mindset should change to a more equal triple model. Of course, a house without a lock is vulnerable to attack. But investment in the lock is just one third of the preventive measure. The second is monitoring and supervision,” said Vu Ngoc Son, Technical Director of the Vietnam National Cyber Security Technology Corporation.

“There are network security monitoring services which have people on duty around the clock to monitor and oversee the system. And the third part is response, which means we must be ready for attacks at any time. If we are attacked, we must determine what we should do.”

According to the National Cyber Security Association, there have been over 13,000 cyber attacks in Vietnam since the beginning of the year. Pham Thai Son, Deputy Director of the National Cyber Security Center of the Ministry of Information and Communications, said a data back-up plan is a must to cope with such attacks.

“It’s difficult to ensure 100% safety against ransomware. One thing we should do is to back up data regularly. We must have a back-up plan and procedures. For example, we now apply the 321 tactic, which means we save at least 3 copies of all the data in 2 different formats and at least 1 copy offline. Next, we need an outside authority continuously monitoring and ready with a risk-warning system,” Son said.

Strengthening security solutions, overseeing systems to detect security vulnerabilities, developing incident response plans, and periodically backing up systems and important data are also part of the Ministry of Information and Communications’ instructions to organizations and businesses on countering cyber attacks.