Vietnamese internet security firm Bkav announced on security forum Whitehat.vn that it has detected deliberate attacks by foreign hackers on servers offering services in Vietnam. As of February 14, victims of the attacks amounted to hundreds of agencies and organizations, VietnamPlus reported.
A screenshot of an email from hackers asking for a ransom. The servers of hundreds of agencies in Vietnam have been attacked by foreign hackers
These agencies, whose specific names were not revealed, had their servers hacked and all data encrypted. The attacks reportedly originated from Russia, Europe and Americas.
The hackers have applied a dictionary attack, one version of the classic hacking method called a brute force attack, to obtain the usernames and passwords of servers running on Windows operating systems. On cracking the passwords, the hackers log into these computers through a remote desktop service, install ransomware and demand a ransom in exchange for access.
The encrypted data include scanned documents and databases. The victims of the attacks were asked to pay an unspecified ransom to get access to the files. They were asked to negotiate with the attackers through email. According to Bkav, the hackers provided different email addresses for each ransomware-attacked server.
Bkav’s antivirus software has been updated to detect the ransomware W32.WeakPass, including free versions. Information technology (IT) staff at agencies and organizations can download Bkav software to scan their servers.
Also, IT staff should take preventive measures against ransomware attacks by regularly checking all servers, creating strong passwords and turning off the remote desktop function when it is not in use. If the remote desktop function is needed, the IT staff should restrict the login rights to specific users.
SGT