Just eight days after a ransomware attack of the VnDirect Securities’ database was discovered, Vietnam’s cyberspace on April 2 recognized another intentional ransomware attack targeting PVOIL, a petroleum distributor, which caused the disruption of the entire information system of the enterprise.

Agencies in charge of network safety and security, with the main force being A05 under the Ministry of Public Security and the Authority of Information Security (AIS) under the Ministry of Information and Communications (MIC), have been helping the two businesses to handle the problems.

Experts believe that the attackers only targeted the two businesses, and more businesses may become their next victims.

AIS in recent days has found an increase in the number of ransomware attacks targeting businesses and organizations in Vietnam. The two attacks above have raised worries about a new ransomware campaign.

Talking to VietNamNet right after PVOIL confirmed the attack, Ngo Quoc Vinh, deputy CEO of VNCS Global, said Vietnam’s cyberspace has been seeing many ransomware attacks recently, but it’s too early to conclude that there is an intentional attack campaign targeting Vietnam.

According to Vinh, one of the reasons Vietnam is among the countries sustaining many ‘Prior Compromised’ attacks is the habit of Vietnamese who use unlicensed software provided on the internet for free. 

The use of pirated software allows hackers to easily install malware inside many systems for a long time.

In general, ransomware attacks don’t begin right after hackers install malware in information systems. Hackers carry out undercover activities for a certain time before they conduct attack at the suitable moment -- for example, when they are sure that the attacks will have the biggest impact and bring the highest financial benefits.

In many cases, attacks are tailored based on the characteristics of targeted enterprises’ business activities. "Hackers conduct multi-directional execution, weaponized by AI to help increase the success rate," he said. 

Commenting about the attack method used in VnDirect and PVOIL cases, Vu Ngoc Son, CTO of NCS, said the attack modes in the two cases were similar, i.e., hackers carried out undercover activities for a certain time and then conducted ransomware attacks. However, the techniques of the two attacks were different, which made him think that the attacks were conducted by different cybercrime groups.

Businesses and organizations have been urged to prevent ransomware attacks. In addition to detecting vulnerabilities, they need to strengthen technological solutions. Meanwhile, large corporations and organizations need to create a team specializing in cybersecurity.

Trong Dat