The Vietnam Computer Emergency Response Team (VNCERT) has reported that GandCrab ransomware affiliates which had been spreading globally over the past year had updated to version 5.2 and the team was taking measures to disconnect with GandCrab server to avoid damages.
VNCERT has a issued high alert for internet-connected computers because GrandCrab’s ransomware contains high risks and could steal and encrypt all data saved. — Photo thoibaotaichinhvietnam.vn
According to Nguyen Khac Lich, VNCERT deputy head, the latest version of the ransomware family had been attacking Viet Nam and other Southeast Asian countries since mid-March this year.
VNCERT has issued a high alert for internet-connected computers because GandCrab’s ransomware contains high risks and could steal and encrypt all data saved on attacked computers.
In Viet Nam, GrandCrab 5.2 ransomware is concealed as archive files ending with documents that end with .rar attached in emails disguised as being sent by the Ministry of Public Security titled “Goi/Gei trong Cong an Nhan dan Viet Nam”.
The encryption attacks the computer when users decompress or open the attached files and directs to download a browser which then logs into the attacker’s digital currency payment window with the required ransom package of US$400 to $1,000.
VNCERT has asked organisations and companies to disconnect from the ransomware server and update the disconnect information on security systems like IDS/IPS to avoid further losses.
In case of attacks, computers must be isolated, the team has warned.
The team also warned organisations and companies to make users aware of the ransomware information. Email users are warned not to click links or open files that end with .doc, .pdf, .zip, .rar and are sent by strangers or have abnormal titles.
VNCERT disconnected from servers with version 1.0 and 2.0 in April last year and is assisting internet users to decrypt GandCrab 5.1. — VNS