Bkav Technology Group announced that the consequences of data-encryption attacks are often devastating because recovering the data is almost impossible.
Bkav Cybersecurity Company said today that since the beginning of the year, its Technical Support Center has received hundreds of calls from firms where viruses were proliferating on computers infected with data-encryption malware; the firms urged Bkav to handle the ransomware. Ransomware gangs blocked access to systems and then blackmailed these 77,000 firms into paying large ransoms.
After studying the spread of these viruses, experts pointed out weaknesses in many organizations’ computers.
For instance, Bkav said that at the beginning of May, the computing system of a large enterprise with a team of experienced administrators was attacked by hackers who demanded a ransom of more than VND4 billion in exchange for the decryption key.
Furthermore, in mid-May, another enterprise was attacked by hackers who encrypted data on a series of servers and personal computers at midnight. Hackers demanded a US$9,000 ransom for each encrypted machine. Bkav's experts discovered that the system was attacked by the Jianliang encryption virus, which had never been recorded before.
Bkav's virus monitoring system also detected the STOP/DJVU data-encrypting malware family, or FARGO3, which specializes in targeting businesses and organizations that use accounting data management software. According to statistics, a total of 261 servers were attacked from more than 6,000 different IPs.
Nguyen Tien Dat, General Director of Bkav's Malware Research Center, said that because of system administrators' complacency, malicious code has been raging through businesses and organizations. Among the hundreds of businesses asking Bkav for help, more than 50 percent of organizations and individuals either do not use anti-virus software or have installed inadequate protection applications.
Worse, some organizations hold a lot of important data but save money by using free anti-virus software, which can handle common malicious code and is suitable only for protecting less important data, but cannot completely remove data-encrypting viruses.
According to Bkav, data-encryption malware uses many attack methods, such as exploiting web service vulnerabilities, brute-forcing SQL services, and exploiting operating system vulnerabilities. Another way is to attack a personal computer, then silently scan and penetrate the servers and other computers in the network.