VnDirect case 'collapsed': How dangerous is ransomware?

Ransomware is the type of software that causes the most financial damage to agencies and businesses through attacks and data encryption. Basically, it is very difficult to decrypt encrypted data.

The ransomware attack on VnDirect Securities Company last week has sounded a wake-up call for organizations and businesses that operate important information systems.

According to the Department of Information Security (Ministry of Information and Communications), the number of ransomware attacks has been increasing recently. The Department has issued a document requesting organizations and businesses to review and implement additional measures to ensure system safety and security.

In the case of VnDirect, the ransomware not only caused the company's systems to be disrupted, but several companies related to VnDirect's owner were also attacked, including VnDirect Joint Stock Corporation. Postal Insurance (PTI), IPA Investment Group (IPA) and IPA Securities Investment Management Company (IPAAM).

What is ransomware?

Ransomware is malicious software created with the main purpose of extorting money from victims. After entering the device (computer or phone), the malicious code often encrypts important data or blocks legitimate software so that users cannot use the device normally. Sometimes ransomware also creates a dialog box that covers the screen, making the device difficult to use.

The malicious code will leave a message somewhere on the computer asking the user to pay a ransom to be able to decrypt the data and use the device as normal.

How does ransomware infect computers or phones?

Ransomware lurks in software, links, and files when users perform operations including:

Using cracked software.
Clicking on advertisements.
Visiting fake websites.
Opening email attachments.
Downloading software of unknown origin.
Using USB drives that contain malicious files.

The damage that ransomware causes

Many people first learned about the presence of ransomware on May 12, 2017 when WannaCry appeared. This malware has infected more than 200,000 computers in 150 countries, causing an estimated loss of about 4 billion USD to the global economy. This is considered the largest ransomware epidemic in history and May 12 was later designated as "Anti-Ransomware Day".

WannaCry initially infected the computer systems of telecommunications company Telefónica and several other large companies in Spain. It then spread to the British National Health Service (NHS) server system, the Russian Interior Ministry, the US company FedEx and other targets in 99 countries.

The hacker group controlling WannaCry is said to have used EternalBlue, an exploit developed by the US National Security Agency (NSA), to attack computers running Windows operating systems. Although the patch was released on March 14, 2017, delays in applying it left many users, organizations and businesses open to attack later.

Image of WannaCry malware created on infected computers

Also in 2017, another ransomware, Petya, spread widely across the globe. During the attack that began on June 27, 2017, the radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant was shut down. Several Ukrainian ministries, banks and the metro system were also affected. The malware then attacked shipping company Maersk Line, American pharmaceutical company Merck & Co., Russian oil company Rosneft and multinational law firm DLA Piper.

In particular, Petya not only encrypts files, it also destroys the victim's hard drive to the point that it cannot be recovered whether the ransom is paid or not.

The computer systems of many large companies around the world have also been "infected" with ransomware. These include Garmin (infected in 2020), computer company Acer (in 2021), chip manufacturer Nvidia (in 2022) and resort hotel group MGM Resorts (in 2023).

Large companies infected with ransomware take a long time to recover because of the large amount of data involved. Pure Storage experts estimate the recovery process at an average of 24 days. Businesses are seriously damaged by disrupted operations and spend a lot of money to fix security vulnerabilities and replace systems whose data has been encrypted.

How to prevent ransomware?

For agencies and businesses, to avoid becoming victims of ransomware, business leaders need to pay attention to the following 5 factors:

1. Employee training

This is the first and most important "shield" of a business against malicious code, because employees are the biggest loophole for malicious code to penetrate the company's computer system.

In the report summarizing the situation of Vietnam's cybersecurity in 2023, Vietnam National Cyber Security Technology Company pointed out 3 weaknesses that cause information systems to be attacked the most. Accordingly, the biggest weakness is humans, accounting for 32.6% of incidents (out of a total of 13,900 cyber attacks on agencies and organizations).

It is important to periodically train employees and improve their security knowledge so that they do not accidentally click on strange links or attachments, or take actions that open the door for malicious code to penetrate the system.

2. Build a team dedicated to the company's security

A strong security team that continuously updates knowledge will be the foundation for the stability of the information technology system. This team will also help train the company's employees on computer protection skills to avoid intrusion by malware and hackers.

According to security expert Nguyen Minh Hieu (Hieu PC), companies with large information systems can build 2 security teams. One team specializes in simulating attacks on the system to find vulnerabilities and the other team finds ways to defend against that intrusion. This helps the company detect vulnerabilities in its system early as well as prevent potential risks.

3. Regularly update software and devices

Ransomware, like viruses, often penetrates through unpatched vulnerabilities in the system. Therefore, security teams of agencies and businesses need to regularly update patches as well as replace outdated network equipment to prevent bad guys from entering the system.

4. Account authorization and privilege tiering

There needs to be a clear policy for assigning and limiting access rights so that employees whose work does not require it do not have broad access to the system, especially to endpoints. For critical parts of the system, only a few people should be allowed access.

5. Back up data, create a backup system

A backup database system is extremely important for every agency and business. It must be set up to run in parallel with the main system. When the main system is attacked or knocked down, the backup system can be quickly used to restore operation.

This backup system needs to have its own security mechanism so that it will not be affected when the main system is attacked. Some experts believe that, in the case of VnDirect, it seems that the backup data system has also been attacked and encrypted by malicious code, making this unit unable to restore operations in a short time.
