Hackers take advantage of the TeamViewer tool to attack and encrypt Vietnamese business data

While supporting a number of Vietnamese businesses hit by data-encrypting ransomware attacks, Bkav experts discovered that hackers accessed the systems through the TeamViewer remote access tool on the businesses’ shared computers.

Business operations stagnated due to ransomware attacks

TeamViewer is a legitimate remote access tool widely used around the world, including in Vietnam. However, hacker groups can also abuse it to access devices in the systems of businesses and organizations and install data-encrypting code and other malware, by exploiting leaked user login information within the organization.

In information it has just shared, Bkav said that the cybersecurity company recently received requests for support from a number of businesses hit by ransomware attacks that left all of the organization’s data encrypted.

Analysis by experts shows that the first cause was that the TeamViewer software on the enterprise’s shared computer still had its default password. Hackers collected that default password, logged in to the computer, installed the LockBit 3.0 encryption malware (also known as LockBit Black) directly on the desktop and executed it.

All data belonging to the businesses and organizations that asked Bkav for support was encrypted, bringing their production and business activities to a standstill. The hackers also demanded large sums of money from these businesses and organizations in exchange for decryption keys to restore the data.

In the first 2 months of this year, Bkav also continuously received requests for help from many businesses in Vietnam, all in the same situation: computers in the internal network were encrypted at the same time and data could not be accessed. Analysis identified the ‘culprit’ of these data encryption attacks as the LockBit 3.0 malware, a ransomware with many more sophisticated improvements over previous versions of LockBit, in both its encryption scripts and the way it spreads, and capable of bypassing conventional security solutions.


From recent cases of supporting Vietnamese businesses in handling ransomware attacks, Bkav experts commented that user complacency and neglect of security are still the “fatal points” that lead to the safety and security of systems being compromised.

“Specifically, employees within organizations and businesses are often caught off guard when using TeamViewer. For example, they set IDs and passwords that match those of many different software programs and applications on a shared computer, or send TeamViewer account information to each other through many chat channels, emails… and accidentally reveal it,” a Bkav expert said.

Experts also recommend that users be careful about sharing IDs and passwords via email and social networks, not set weak default passwords, and not let TeamViewer start with the computer, because the ID and password then remain unchanged.

9 ransomware attacks recorded targeting large organizations in Vietnam

In information shared on March 29 with newspaper reporters regarding the attack on the system of VNDIRECT Securities Joint Stock Company, Mr. Tran Quang Hung, Deputy Director of the Information Security Department (Ministry of Information and Communications), said that ransomware attacks are not a new form of network attack but have increasingly become quite common in the past few years, and that financial and securities institutions are always among the top targets of hackers.

Commenting that ransomware attacks are a common problem for organizations and businesses globally, especially financial institutions, representatives of the Department of Information Security also emphasized that this poses a challenge for agencies and organizations, which must urgently improve their security capabilities to protect the safety of information systems, especially those that store user data and serve online transactions.

Ransomware attacks are considered a common problem for organizations and businesses globally. Illustration photo: gemvietnam.com

In its report on information security risks in Vietnam in 2023, published at the end of January 2024, Viettel Cyber Security assessed that malicious code is still seriously affecting many important areas, typically banking, finance, securities, telecommunications, and energy. Attack groups are becoming more and more sophisticated in using malicious code, especially ransomware and stealers (information-stealing malware – PV), causing great damage to businesses and organizations both economically and in brand reputation.


Notably, the Viettel Threat Intelligence system in 2023 recorded at least 9 ransomware attacks targeting large companies and organizations in Vietnam. These attacks encrypted hundreds of GB of data and extorted at least 3 million USD, causing heavy disruption and damage to businesses and organizations targeted by hackers.

Pointing out the four notable hacker groups in ransomware attacks that the Viettel Threat Intelligence system detected last year, namely LockBit, Rhysida, Cl0p and Blackcat, Viettel cybersecurity experts also noted that the ‘ransomware-as-a-service’ (RaaS) trend is growing and focusing on organizations and businesses.

Statistics of prominent ransomware attacks affecting large businesses and organizations in Vietnam in 2023, as recorded by Viettel Cyber Security.

Talking to reporters about solutions for responding to ransomware attacks, information security experts all affirmed the view that ‘prevention is better than cure’, with one solution deserving special attention being security awareness training for employees, because humans are always the ‘weak link’ in ensuring system security.

“Businesses need to organize information security awareness courses for employees, helping them recognize threats and avoid potentially risky behaviors, such as opening malicious email attachments or clicking on suspicious links,” recommended Mr. Nguyen Minh Hai, Technical Director of Fortinet Vietnam.

From the perspective of a unit that is responding to and restoring a system that recently suffered a ransomware attack, in a letter to customers dated April 29, Chairman of the Board of Directors of VNDIRECT Company Pham Minh Huong also shared that this event is also an opportunity for VNDIRECT to train awareness and improve team quality; consolidate and upgrade its privacy and security system; and be prepared to respond to similar incidents in the future.
