Warning: Dangerous new malicious code spills over to Vietnam

On the afternoon of February 14, Bkav's virus surveillance system issued a warning about a campaign by foreign hackers that uses the W32.WeakPass data-encrypting ransomware to target public servers in Vietnam.

According to Bkav's estimate, hundreds of agencies and organizations have been victims of this attack, as of the afternoon of February 14.

According to Bkav analysts, the hackers launching this attack operate from addresses in Russia, Europe and America. First, they scan Windows-based servers belonging to agencies and organizations in Vietnam and use a dictionary to brute-force the passwords of these servers. If successful, the hacker logs in remotely through the remote desktop service, then installs the ransomware on the victim's machine.

Data such as text files, document files, database files, executable files and so on will be encrypted. To retrieve the data, the victim must contact the hacker by email to negotiate the amount of the ransom to pay.

As Bkav notes, the hackers leave a different email address on each server whose data has been encrypted so that victims can contact them.

How to prevent this hacker attack campaign

As recommended by Bkav experts, to prevent this type of attack, administrators need to immediately do the following:

  1. Conduct a thorough review of all managed servers, especially public servers exposed to the Internet.
  2. Set a strong password for the server.
  3. If not required, turn off the remote desktop service on the server.
  4. If the remote desktop service must stay on, configure it to accept connections only from fixed IPs and restrict access.
  5. Download the updated version of Bkav antivirus software, which can identify the W32.WeakPass data encryption code, to scan and check servers.
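
One way to carry out steps 3 and 4 on a single Windows server, as an added example that is not from Bkav or the original article. It assumes an elevated PowerShell session, an English-locale firewall group name ('Remote Desktop'), and placeholder administrator addresses in `$AllowedAdminIPs` that you replace with your own fixed IPs.

```powershell
# Added example: audit Remote Desktop exposure, then optionally harden it.
# Run elevated. Without -Apply the script only reports and changes nothing.
param(
    # Constructed placeholder addresses (documentation range); replace with real fixed IPs.
    [string[]]$AllowedAdminIPs = @('203.0.113.10', '203.0.113.11'),
    [switch]$RdpRequired,   # set when this server genuinely needs Remote Desktop
    [switch]$Apply          # set to make changes instead of only auditing
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means the server accepts Remote Desktop connections.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Enabled inbound Remote Desktop firewall rules (group name assumes an English locale).
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound `
           -Enabled True -ErrorAction SilentlyContinue)

# Rules whose remote address scope is 'Any' let the whole Internet reach the logon prompt.
$openRules = @(foreach ($rule in $rules) {
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($scope -contains 'Any') { $rule }
})

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    RdpEnabled     = $rdpEnabled
    EnabledRules   = $rules.Count
    RulesOpenToAny = $openRules.Count
}

if (-not $Apply) { return }

if (-not $RdpRequired) {
    # Step 3: Remote Desktop is not needed, so refuse connections and close the firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}
elseif ($rules.Count -gt 0) {
    # Step 4: Remote Desktop stays on, but only the fixed administrator IPs may connect.
    $rules | Set-NetFirewallRule -RemoteAddress $AllowedAdminIPs
}
```

Run it once without `-Apply` on each public server to find those that are reachable from any address, then rerun with `-Apply` (and `-RdpRequired` where applicable).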
Update 24 May 2019