Ransomware impersonating police forces attacks Vietnamese users

Nguyen Long March 16, 2019 14:00

The Vietnam Computer Emergency Response Team (VNCERT) has just issued a warning about a new variant of the GandCrab ransomware being spread through fake police emails sent to users.

Specifically, VNCERT has just discovered a campaign spreading ransomware targeting computer users in Vietnam and Southeast Asia. The malware being spread is GandCrab 5.2, the latest version of the GandCrab ransomware family.

GandCrab is a dangerous type of ransomware, first discovered in January 2018, when hackers spread it globally, including in Vietnam.

Malware impersonating the Vietnamese police force

GandCrab can steal information and encrypt all data on the infected machine, then displays a ransom note on the victim's computer demanding payment to decrypt the data files. The ransom is paid in cryptocurrencies such as Dash or Bitcoin, with values ranging from 200 to more than 1,000 USD depending on the amount of data encrypted.

In Vietnam, GandCrab 5.2 was distributed through fake emails purporting to come from the Vietnamese Ministry of Public Security, with the subject line "Goi trong Cong an Nhan dan Viet Nam" and an attached file named "documents.rar".

The emails, which pose as coming from the authorities, have fooled many users into carelessly opening the attachments. When the user extracts and opens the attachment, the malware is immediately activated and encrypts all data on the user's computer. It also creates a file demanding a ransom of 400 to 1,000 USD in cryptocurrency, with payment instructions, to decrypt the data.

To prevent the GandCrab malware from spreading widely, VNCERT also requires leaders of relevant units or IT management units at enterprises... to monitor and prevent connections to the servers controlling the GandCrab malware. If a computer is found to be infected with GandCrab, it is necessary to quickly isolate the infected area or computer to prevent the spread.

According to security experts, most users currently interact mainly with personal and corporate devices, so the network is very vulnerable if businesses do not control them or lack strong anti-malware protection.

Most antivirus solutions are ineffective without regular updates. Newer malware variants often appear unexpectedly, making them harder to detect using conventional techniques. When the system runs slowly, many users even turn off virus scanning.

That’s why user education and awareness are so important when it comes to ransomware prevention. Always be cautious with emails, especially unfamiliar or suspicious ones. Look closely at the sender’s domain name. Check for typos, spelling errors, and consider the email signature and legitimacy. Check the links to see where they lead.

Enterprises should also extend security by using anti-virus, anti-spyware, anti-intrusion, and other technologies on network devices. Avoid relying on a single layer of defense in the security architecture.

Another way to avoid paying ransom is to regularly back up your data and have a recovery strategy. However, businesses need a smarter backup strategy that is tailored to the importance of the data and the needs of the business. A centralized backup strategy with regular, periodic backups is necessary.

To prevent GandCrab infections, VNCERT recommends that computer users be more vigilant and not open or click on links or attachments in .doc, .pdf, .zip, .rar... formats in emails sent from strangers, or from acquaintances but with unusual subject lines or language. Users should notify the system administrator if they receive a suspicious email.
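The checks above can be partly automated at the mail gateway or in an analyst's triage script. The following Python sketch is an added example, not code from VNCERT or the article; it flags messages that match the subject and attachment name quoted above, or that carry one of the listed attachment formats from an unknown sender. The `KNOWN_SENDER_DOMAINS` set and all sample addresses are constructed assumptions.

```python
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Indicators quoted in the article.
LURE_SUBJECT = "Goi trong Cong an Nhan dan Viet Nam"
LURE_ATTACHMENT = "documents.rar"
# Attachment formats VNCERT lists as risky when the sender is a stranger.
RISKY_EXTENSIONS = {".doc", ".pdf", ".zip", ".rar"}
# Assumption: domains the organization already corresponds with (constructed value).
KNOWN_SENDER_DOMAINS = {"partner.example"}

def fold(text):
    """Casefold and drop combining marks (diacritics) before comparing."""
    decomposed = unicodedata.normalize("NFKD", text or "")
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold().strip()

def triage(raw):
    """Return the reasons to quarantine a raw RFC 5322 message (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047 headers
    reasons = []
    if fold(LURE_SUBJECT) in fold(msg["Subject"]):
        reasons.append("subject matches reported lure")
    _, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if fold(name) == fold(LURE_ATTACHMENT):
            reasons.append("attachment name matches reported lure")
        ext = PurePosixPath(name.lower()).suffix
        if ext in RISKY_EXTENSIONS and domain not in KNOWN_SENDER_DOMAINS:
            reasons.append(f"{ext} attachment from unknown sender domain {domain or '?'}")
    return reasons

def build_sample(subject, sender, filename):
    """Build a constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@corp.example"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples: one shaped like the reported lure, one routine message.
LURE = build_sample("Fwd: " + LURE_SUBJECT, "Police <notice@unknown.example>", "documents.rar")
BENIGN = build_sample("Q1 invoice", "Billing <billing@partner.example>", "invoice.pdf")
```

Subject and filename matches only catch this specific campaign as reported; the extension rule is the broader control and will need an allowlist tuned to the organization's real correspondents.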

According to Business Forum