The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap) On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Ransomware attacks have targeted various businesses in South Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local retail and fashion group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Kim Seung-joo, a professor of cybersecurity at Korea University, said that in the context of companies being forced to choose to increase their reliance on remote working during the pandemic, ransomware attacks Money has become a bigger threat because they can paralyze the whole working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. Kim Seung-joo urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks, last month, South Korea’s Ministry of Information and Communications Technology set up a 24-hour monitoring team to assist hacked companies. The government is now providing assistance to affected companies in system recovery. (according to Yonhap)

Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. An analysis of recent experts shows that, in 2020 alone, the amount of damage related to ransomware attacks has reached billions of dollars. More dangerously, this behavior also targets the government’s information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. offense. According to studies, despite the development and expansion of the scope, the attacker’s methods still have similarities. Most hackers will illegally exploit the lowest-level vulnerabilities first, through some common and easy-to-implement method. Therefore, experts recommend to prevent ransomware from this initial step through some of the following methods. 1. Secure remote access Remote access is a familiar method often used by attackers, especially through unpatched vulnerabilities of information systems. Accordingly, hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify remote access systems to their systems by looking up IP addresses. If an attack is suspected, users should block public access to remote desktop protocol services (iRemoteDesktop – RDP), a secure shell that encrypts transmission data (Secure Socket Shell – SSH) ) and file transfer protocol (File Transfer Protocol – FTP). Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication. Multi-factor Authentication (MFA) for accounts that are authorized for remote access. Hackers take advantage of security holes to attack the network. Illustration. 2. Email security Many ransomware incidents can start with an email sent to a user. This attack method is gradually becoming popular for hackers to perform blackmail. Experts say it’s safer to prevent unsolicited emails in the first place. The email security system acts as a “fence” to protect the strange messages from the internet and private mailboxes in the intranet system. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and check attachments and links for advanced threats. In addition, account holders should audit or block password-protected documents as hackers often use this method to bypass email data scanning. 3. Keep data backups safe The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search all backups and encrypt them, disabling the data to increase the possibility of ransom from the victim. The victim then has a high probability of paying to buy back these encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data. 4. Implement a 3-2-1 . Backup Strategy Without the right protections, backups, and archiving, concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users’ data systems. For all important files, users should store 3 copies, including 1 primary backup for daily use and 2 backup copies. In it, the files will be saved on 2 different media environments to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations due to natural disasters, unexpected disasters.

The attack was one of the most disruptive digital ransom schemes reported, prompting US lawmakers to call for increased protection of America’s critical energy infrastructure from hackers. Commerce Secretary Gina Raimondo said pipeline repairs were a priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart the road network. The tube is more than 5,500 miles (8,850 km) long. “Right now it’s an all-in-one effort,” Raimondo said on CBS’s “Face the Nation.” “We are working closely with company, state and local officials to ensure they return to normal operations as quickly as possible and without disruption to supplies,” Colonial said. The pipeline network was attacked – Photo: Reuters Their main fuel lines are still offline, but some of the smaller routes between the terminals and delivery points are now up and running. Neither Raimondo nor the company has given an estimate of a full reboot date. U.S. gasoline futures rose more than 3% to $2,217 a gallon, the highest since May 2018 as trading opened for the week and market participants reacted to pipeline closures. Colonial ships about 2.5 million barrels per day of gasoline and other fuels from refineries on the Gulf Coast to consumers. Its extensive pipeline network serves major US airports including Atlanta’s Hartsfield Jackson Airport, the world’s busiest airport by passenger traffic. A spokeswoman for Charlotte Douglas International Airport said the airport had supplies on hand and was “monitoring the situation closely”. Retail fuel experts including the American Automobile Association say outages lasting several days could have a significant impact on fuel supplies in the region, particularly in the southeastern US. Colonial Pipeline’s fuel tanks – Photo: Reuters While the US government investigation is in its early stages, a former official and three industry sources said the suspected hackers were a professional cybercrime group called DarkSide. DarkSide is one of many gangs that often use malware to extort victims. These groups gain access to private networks, encrypt files with software, and often steal data. They ask for money to decrypt the files and ask for more money to not publish the stolen content. During the Colonial attack, the hackers stole more than 100 gigabytes of data.

Although Indonesia still ranks 5th globally in the number of ransomware attacks detected, it has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also also appeared in other countries in the region including Vietnam, the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped the 2nd and 3rd place in the rankings, with Brazil currently ranked 2nd by 2020. “When I look at the statistics for individual ransomware groups, I find that this trend is in line with an overall drop in the number of detected cases,” said Fedor Sinitsyn, security researcher at Kaspersky. This is mainly due to the decrease in the number of cases involving WannaCry. This group makes up a significant portion of all the ransomware discovered to date, although for more than three years these have not been supported by the “originator” and exist only as one. “zombie” “. One of the most persistent cyber threats facing small and medium businesses in the region is still ransomware, malicious code designed to infect the computers of organizations and individuals, and encrypting data. Data inside and block access to the computer. The attackers will then request a fee from the victim in exchange for re-activation of the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the increasing activity of Ransomware 2.0, also known as ransomware. have purpose. Mr. Yeo Siang Tiong, General Manager of Kaspersky Southeast Asia commented: “We should not be optimistic that the number of detected ransomware cases has decreased. Since last year, we have noticed a number of changes to this threat. The ransomware teams are now more concerned with quality than quantity. This means that instead of randomly and passively waiting for an unsafe user to bite, the attackers are now actively hunting for victims ”.

In particular, the number of attacks on Vietnamese enterprises fell sharply, from 536.6 thousand cases in 2019, to 204.7 thousand cases in 2020. This pulled Vietnam’s ranking to 11 worldwide. , improved from the 7th place in 2019. In Southeast Asia, Singapore remains the country with the least number of detected attacks, ranking 78 globally. However, out of six Southeast Asian countries, Singapore is the only one experiencing an increase in the number of ransomware infection attempts. Number of detected cases increased from 2,275 in 2019 to 3,191 in 2020. Number of attacks on SMEs detected by Kaspersky in Southeast Asian countries. Although Indonesia still ranks 5th globally in terms of the number of ransomware incidents detected, the country has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also coincides with export. currently in other countries in the region including the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped the 2nd and 3rd place in the rankings, with Brazil currently ranked 2nd by 2020. Ransomware is designed to infect organizations and individuals’ computers, encrypt the internal data and block access to the computer. The attackers will then request a fee from the victim in exchange for re-activation of the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the growing activity of ‘Ransomware 2.0’, also known as software. targeted extortion. In the new method, the criminals do not ask for ransom to unlock the data, they threaten to publicly disclose the data they hold, adding pressure to the victims to pay the ransom to protect their reputation. .