Urgent action to stop $1,000 ransom malware spreading in Vietnam
Victims are asked to pay a ransom of between $400 and $1,000 in exchange for a decryption key when their systems are infected with GandCrab malware.
 |
| When a computer is infected with GandCrab, victims are asked to pay a ransom of up to $1,000 in exchange for a data decryption key. |
GandCrab is the latest ransomware to appear in Vietnam after CTB Locker and WannyCry. GandCrab attacks many countries including Vietnam.
Due to the serious nature of GandCrab, the Vietnam Computer Emergency Response Team (VNCERT) has just issued an urgent notice advising domestic organizations and users to be cautious and vigilant against this ransomware.
“The GandCrab ransomware is very dangerous, it can steal information and encrypt all data on infected machines. Hackers exploiting and attacking will cause many other serious consequences," said Mr. Nguyen Khac Lich, Deputy Director of VNCERT.
According to VNCERT, GandCrab spreads through the RIG vulnerability exploit kit. When infected, all data files on the user's computer will be encrypted and the file extension will be changed to*.GDCBor*.CRAB.
GandCrab malware also creates filesCRAB-DECRYPT.txt, instructing users to pay a ransom in DASH cryptocurrency in exchange for decrypting their data.
To prevent this dangerous malware, VNCERT recommends a number of measures including:
Monitor, block connections to GandCrab ransomware control servers and update protection systems such as IDS/IPS, Firewall...
Quickly isolate infected areas/machines and report to the National Coordination Agency (VNCERT) when GandCrab malware is detected.
Users should not open and click on links or attachments in emails containing .doc, .pdf, .zip, etc. files sent from strangers, or emails sent from acquaintances with unusual subject lines or language.
Users need to immediately notify the system administrator or information security department when receiving the above suspicious email.
This is not the first time ransomware has appeared in Vietnam. In 2016 and 2017, two ransomware codes, CTB Locker and WannyCry, infected thousands of computers of agencies, businesses and individual organizations./.
