Warning: Dangerous new malicious code spills over to Vietnam
On the afternoon of February 14, Bkav's virus surveillance system issued a warning about a campaign by foreign hackers that targets public servers in Vietnam with the W32.WeakPass data-encrypting ransomware.
According to Bkav's estimate, hundreds of agencies and organizations have been victims of this attack, as of the afternoon of February 14.
According to Bkav analysts, the hackers launch this attack from addresses in Russia, Europe and America. First, the hackers scan Windows-based servers of agencies and organizations in Vietnam and use a dictionary to brute-force the passwords of these servers. If successful, the hacker uses the remote desktop service to log in remotely, then installs the ransomware on the victim's machine.
Data such as text files, document files, database files, executable files ... will be encrypted. To retrieve the data, the victim must contact the hacker by email to discuss and agree on the amount of the ransom to pay.
As Bkav notes, the hackers leave a different email address on each server whose data was encrypted, so that victims can contact them.
How to prevent this hacker attack campaign
As recommended by Bkav experts, to prevent this type of attack, administrators need to immediately do the following:
- Conduct a thorough review of all managed servers, especially public servers exposed to the Internet.
- Set a strong password for the server.
- If it is not required, turn off the remote desktop service on the server.
- If the remote desktop service is turned on, configure it to accept connections only from fixed IPs, restricting access.
- Download the updated version of Bkav antivirus software, which can identify the W32.WeakPass data-encrypting malware, and use it to scan and check servers.
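
For the server review in the first step, the following added example (not Bkav's code and not part of the original article) looks for the pattern described above: a dictionary of failed logons from one source address, followed by a successful remote desktop logon. It assumes the Windows Security log was exported to CSV with the hypothetical columns shown; the rows, addresses, threshold and window are constructed for illustration, while 4625/4624 and logon types 3 and 10 are the standard Windows values.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows, shaped like an export of the Windows Security log.
# Event 4625 = failed logon, 4624 = successful logon.
SAMPLE_CSV = """time,event_id,logon_type,src_ip,account
2024-01-01T09:00:01,4625,3,203.0.113.7,administrator
2024-01-01T09:00:03,4625,3,203.0.113.7,admin
2024-01-01T09:00:05,4625,3,203.0.113.7,backup
2024-01-01T09:00:06,4625,3,192.0.2.10,thu.nguyen
2024-01-01T09:00:08,4625,3,203.0.113.7,sql
2024-01-01T09:00:10,4625,3,203.0.113.7,test
2024-01-01T09:00:20,4624,10,192.0.2.10,thu.nguyen
2024-01-01T09:00:31,4624,10,203.0.113.7,test
2024-01-01T09:05:00,4625,3,198.51.100.20,administrator
2024-01-01T09:05:02,4625,3,198.51.100.20,administrator
2024-01-01T09:05:04,4625,3,198.51.100.20,administrator
2024-01-01T09:05:06,4625,3,198.51.100.20,administrator
2024-01-01T09:05:08,4625,3,198.51.100.20,administrator
"""

REMOTE_TYPES = {"3", "10"}  # 3 = network (RDP with NLA), 10 = RemoteInteractive


def find_bruteforce(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed remote logons inside window.
    login_as is set when a successful RDP logon (4624, type 10) follows."""
    recent = defaultdict(list)   # ip -> failure times still inside the window
    findings = {}
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        ip, when = row["src_ip"], datetime.fromisoformat(row["time"])
        if row["event_id"] == "4625" and row["logon_type"] in REMOTE_TYPES:
            recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
            if len(recent[ip]) >= threshold:
                findings.setdefault(ip, {"failures": 0, "login_as": None})
                findings[ip]["failures"] = len(recent[ip])
        elif row["event_id"] == "4624" and row["logon_type"] == "10":
            if ip in findings and findings[ip]["login_as"] is None:
                findings[ip]["login_as"] = row["account"]
    return findings


if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE_CSV).items():
        status = f"LOGGED IN as {hit['login_as']}" if hit["login_as"] else "no success seen"
        print(f"{ip}: {hit['failures']} failed logons, {status}")
```

A source that is flagged with `login_as` set is the case to treat as a likely intrusion; a flagged source without it is an attempt that the password held against.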