Mr. Tran Nguyen Chung, Head of Information System Security Department, Information Security Authority (ISA) said: A number of recent cyber attacks on a number of Vietnamese enterprises show that cyber attacks are increasing. The trend in the coming time is that ransomware attacks will target businesses and online service providers.

“Monitoring cyber attacks in recent times shows that the subjects tend to attack some groups such as: State agencies, financial and banking agencies, energy infrastructure providers, financial organizations, education, health, etc. In the digital transformation period, the risk of attacks is inevitable and frequent. Therefore, units and businesses must raise awareness and prevent themselves. When detecting an attack, they must proactively prevent it, spread it and have solutions to quickly restore operations,” said Mr. Tran Nguyen Chung.

The State information security authorities always accompany and support incident handling. However, this is a matter of resolving the incident. It is important that the units are always ready to handle malware attacks and restore operations soon. “In addition, we recommend not using ransom to unlock malware. When we pay ransom, we cannot confirm whether the data has been leaked or not. The risk of continued data leakage and further ransom demands is real,” said Mr. Chung.

Mr. Chung recommended: “Because the target of cyber attacks for extortion is increasing, units should review information systems according to the classified level and have corresponding protection solutions. The Department of Information Security has a handbook and subjects using attack technology. Units investing in people and processes must comply with information security procedures.”

From the perspective of businesses operating in the field of information security and network security, Mr. Nguyen Van Thu, General Director of Bkav Cyber ​​Security – Bkav Technology Group, commented: Ransomware attacks are extremely dangerous, leaving extremely serious consequences. Ransomware attacks not only encrypt data but also cause system failures that disrupt the operations of agencies and organizations. Vietnam’s economy is on the rise, along with the strong growth of the internet, making it easier for hackers to choose targets and carry out their actions. Therefore, it can be said that this trend will increase in the near future.

“The recent attacks and system intrusions by hackers often last for several months or even years before being discovered, so the damage is huge. To prevent this, we need to equip security systems and especially SOC monitoring systems so that when any unusual behavior occurs, we can immediately detect and respond promptly to prevent hackers from harming the system. When attacked, individuals, agencies, organizations and businesses should stay calm, assess the extent of the damage, quickly find units with experience in responding to and handling network security incidents to coordinate the handling, and should not panic and follow hackers’ requests,” said Mr. Nguyen Van Thu.

Meanwhile, Mr. Ngo Minh Hieu, Co-founder of Anti-Fraud (ChongLuaDao.vn) said: In a ransomware attack, the victim may encounter many significant risks and damages, including: Ransomware encrypts the victim’s data, making it impossible to access important files and data. Data loss can include important documents, customer data, trade secrets, and many other types of valuable information. To decrypt the data, hackers often demand a ransom, which can be up to millions of dollars. Paying a ransom not only causes financial loss but also does not guarantee that the data will be successfully decrypted, not to mention that the data is not certain that the hacker will delete it or sometimes sell it to competitors. Even if the ransom is paid, there is no guarantee that the hacker will provide the decryption key or the key may not work as expected, leading to permanent data loss.

Victims may face legal consequences, including lawsuits and fines from regulatory agencies, as a result of the loss of personal or sensitive data. A successful attack may also indicate that an organization’s systems are vulnerable, increasing the risk of similar attacks in the future.

Regarding the ransom payment by the subject in a ransomware attack, Mr. Ngo Minh Hieu said that paying the ransom has many potential risks and other negative consequences. Some specific risks that victims may face when deciding to pay the ransom to rescue data include: There is no guarantee that the hacker will provide the decryption key after receiving the ransom, or the decryption key provided does not work, causing the victim to lose money but the data cannot be recovered. Paying the ransom may encourage cybercriminals to continue to carry out similar attacks, not only against current victims but also against other organizations, because it proves that ransomware attacks are a profitable method.

Paying a ransom does not address the root cause of the security issue. The hacker may have installed additional backdoors or malware on the system, allowing them to continue their unauthorized access or launch new attacks. Even after receiving the ransom, the hacker may decide to sell the victim’s sensitive data on the dark web or use it for other illegal purposes, including further scams, fraud, or extortion.

In some cases, paying a ransom may violate legal regulations, especially when an organization is unwittingly funding terrorist organizations or sanctioned entities. Paying a ransom and the publicity of a ransomware attack can severely damage an organization’s reputation and erode the trust of customers, partners, and investors.

To prevent cyber attacks, some solutions that Mr. Ngo Minh Hieu thinks businesses should implement soon include: Performing regular data backups, checking backups to ensure that backups can be restored fully and promptly.

Next is updating operating systems, applications and security software to patch vulnerabilities that can be exploited; increasing cybersecurity training and awareness; planning for incident prevention and response; and participating in threat intelligence sharing groups for timely handling.