More than 77,000 computers in Vietnam are infected with data encryption virus

Since the beginning of 2023, Bkav’s technical support center has received hundreds of calls, asking to handle ransomware viruses. Bkav’s virus monitoring system also recorded that in the first half of this year, more than 77,000 computers in Vietnam had data encrypted. Studying the strong spread of this virus, experts pointed out that “Asin’s heel” causes many organizations to be blackmailed by ransomware.

In early May 2023, a business said that its system was attacked by ransomware with more than 10TB of encrypted data, the hacker then asked the unit to pay more than 4 billion VND in exchange for the decryption key. The cause of the ransomware attack was identified by Bkav because its system is protected by an anti-virus software that is not strong enough.

In mid-May 2023, another business also recorded a similar case when hackers attacked and encrypted data on a series of servers and personal computers at midnight. Hackers demanded $9,000 in data ransom for each encrypted machine. Bkav experts discovered that the system was attacked by the Jianliang encryption virus, which had never appeared before.

Bkav’s virus monitoring system also detects STOP/DJVU or FARGO3 data encryption malware, specifically targeting businesses and units using accounting data management software. According to statistics, there are a total of 261 compromised servers from more than 6,000 different IPs.

Nguyen Tien Dat, General Director of Bkav’s Malware Research Center, said that these are just examples among many cases showing the subjectivity of system administrators, causing ransomware to blackmail. rife. Among hundreds of cases of contacting Bkav asking for help, more than 50% of organizations and individuals do not use anti-virus software or install inadequate protection applications.

In particular, there are units that have a lot of important data but save money, using free anti-virus software. Free anti-virus software is only capable of handling common malicious code, suitable for protecting not too important data due to its inability to automatically detect and completely remove data-encrypting viruses. .

Data encryption malware uses many methods to attack: exploit web service vulnerabilities, brute force into SQL services, operating system vulnerabilities, to attack directly. continue to the server. The other way is to attack a personal machine, from there silently scan, go deep into servers and other computers in the network …

“The consequences of data encryption incidents are often devastating because recovering the data is nearly impossible. Even if the victim accepts to pay, it does not guarantee that they will get back the data from the hacker,” Dat said.

To avoid data encryption attacks, experts from Bkav recommend users and system administrators to perform the following actions: Backup important data regularly; do not open the internal service port to the Internet when it is not necessary; security assessment of services before opening to the Internet; Install anti-virus software powerful enough for permanent protection.