Ransomware impersonating police forces attacks Vietnamese users
The Vietnam Computer Emergency Response Team (VNCERT) has just issued a warning about a new variant of the GandCrab ransomware being spread in the form of fake police emails sent to users.
Specifically, VNCERT has just discovered a campaign spreading ransomware targeting computer users in Vietnam and Southeast Asia. The malware being spread is GandCrab 5.2, the latest version of the GandCrab ransomware family.
GandCrab is a dangerous ransomware family, first discovered in January 2018, when attackers spread it globally, including in Vietnam.
Figure: Malware impersonating the Vietnamese police force.
GandCrab can steal information and encrypt all data on the infected machine, after which a ransom note appears on the victim's computer demanding payment to decrypt the files. Ransoms are paid in cryptocurrencies such as Dash or Bitcoin, with values ranging from $200 to over $1,000 depending on the amount of data encrypted.
In Vietnam, GandCrab 5.2 is distributed through fake emails from the Vietnamese Ministry of Public Security, with the title "Goi trong Cong an Nhan dan Viet Nam", which includes the attached file "documents.rar".
The emails, which pose as messages from the authorities, have fooled many users into opening the attachments without suspicion. When users extract and open the attachment, the malware is immediately activated and encrypts all data on the user's computer, then creates a ransom file instructing users to pay a ransom of 400 to 1,000 USD in cryptocurrency to decrypt the data.
To prevent the GandCrab malware from spreading widely, VNCERT also requires leaders of relevant units or IT management units at enterprises... to monitor and prevent connections to the servers controlling the GandCrab malware. If a computer is found to be infected with GandCrab, it is necessary to quickly isolate the infected area or computer to prevent the spread.
According to security experts, most users currently work mainly on personal and corporate devices, so the network is very vulnerable if businesses do not control these devices or do not have strong anti-malware protection.
Most antivirus solutions are ineffective if they are not updated regularly. Newer malware variants often appear unexpectedly, making them harder to detect using conventional techniques. Sometimes the system runs slowly, and many users even turn off virus scanning.
That’s why user education and awareness are so important when it comes to ransomware prevention. Always be cautious with emails, especially those that are unfamiliar or suspicious. Look closely at the domain name of the email sender. Check for typos, spelling, and consider the email signature and legitimacy. Check the links to see where they lead.
Enterprises also extend security by using anti-virus, anti-spyware, anti-intrusion, and other technologies on network devices. Avoid single-layer security in the security architecture.
Another way to avoid paying a ransom is to regularly back up your data and have a recovery strategy. However, businesses need a smarter backup strategy that matches the importance of the data and the needs of the business. To achieve this, it is necessary to have a focused backup strategy and a regular, periodic backup schedule.
To prevent GandCrab infections, VNCERT recommends that computer users be vigilant and not open or click on links or attachments (in formats such as .doc, .pdf, .zip, .rar...) in emails sent from strangers, or from acquaintances but with unusual subject lines or language. Users should notify the system administrator if they receive a suspicious email.
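A mail-triage check built from the indicators reported above (the subject line and the "documents.rar" attachment) and the attachment formats VNCERT lists, as an added example that is not part of the original article or VNCERT's advisory. The function names, the sample addresses and the sample messages are constructed for illustration; an extension match only marks a message for review.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article text; nothing else is assumed about the campaign.
CAMPAIGN_SUBJECT = "goi trong cong an nhan dan viet nam"
CAMPAIGN_ATTACHMENT = "documents.rar"
RISKY_EXTENSIONS = (".doc", ".pdf", ".zip", ".rar")


def triage(raw_bytes):
    """Return the reasons a raw RFC 5322 message deserves review (empty list = none)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject still matches.
    # Lower-casing and collapsing whitespace defeats trivial spacing/case changes.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if CAMPAIGN_SUBJECT in subject:
        reasons.append("subject matches campaign title")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name == CAMPAIGN_ATTACHMENT:
            reasons.append("attachment named " + CAMPAIGN_ATTACHMENT)
        elif name.endswith(RISKY_EXTENSIONS):
            reasons.append("attachment type listed in the advisory: " + name)
    return reasons


def build_sample(subject, filename=None):
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Goi trong Cong an Nhan dan Viet Nam", "documents.rar"),
        build_sample("Quarterly report", "report.PDF"),
        build_sample("Lunch on Friday?"),
    ]
    for raw in samples:
        print(triage(raw) or "no indicators")
```

Messages that match should be quarantined and reported to the system administrator, as the advisory asks, not opened to confirm.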