Ransomware, as the name suggests, is malicious software designed to block access to a computer system or encrypt its data until a sum of money (a ransom) is paid. These attacks have been carried out on both individuals and corporations. “With ransomware groups leveraging increasingly sophisticated methods, companies in the region are all feeling the pressure as attackers exploit vulnerabilities in the increasingly complex corporate IT and network infrastructure,” said Adrian Hia, managing director for Asia Pacific at Kaspersky. Overall, Kaspersky solutions used in businesses in the region detected and blocked a total of 135,274 ransomware attacks last year.[1]
Among the hardest hit were businesses in Indonesia, with 57,554 attacks, followed by Vietnam (29,282), the Philippines (21,629), Thailand (13,958), Malaysia (12,643), and Singapore (208). A separate 2024 report from the National Cybersecurity Association revealed that 14.6% of 5,000 surveyed organizations and businesses in Vietnam had experienced ransomware attacks. Some of the most severe and prolonged cases included incidents at PVOIL, VnDirect, and Vietnam Post.
On 12 April, the CMC Corporation confirmed it had fallen victim to a targeted ransomware attack by the cybercriminal group known as Crypto24. The breach is the latest in a series of high-profile incidents that underscore the growing threat of ransomware in the country.
Vu Ngoc Son, head of the Technology Research Unit at the National Cybersecurity Association, compared ransomware attacks to criminals infiltrating and hiding inside a supermarket. “After months of quiet observation, sometimes up to half a year, attackers know exactly where the valuable assets are, the safe’s password, and the access codes. At the right moment, they lock down the entire warehouse, and no one can access the assets inside,” he explained.
Once the attackers hold the decryption key, they hand it over only if the victim agrees to pay a ransom. If the encrypted data hasn’t been properly backed up, the only option for the victim is to pay to regain access. Ransoms are usually demanded in Bitcoin, making it difficult to trace the perpetrators. Son stressed that the current landscape highlights the urgent need to raise cybersecurity awareness and invest in modern defense systems.
Hia echoed this, adding that ransomware groups persist in refining their tactics, exploiting known vulnerabilities and leveraging advantages to gain unauthorized access. “By targeting internet-facing applications, manipulating local accounts, and evading end-point defenses, they demonstrate a sophisticated mastery of network weaknesses. The ongoing threat emphasizes the urgent need for robust cybersecurity defenses, as adversaries continue to innovate and exploit even the most familiar vulnerabilities,” he added.
To mitigate risks, experts recommend several key measures, including disabling unused ports and services, applying regular software updates and patches, conducting frequent vulnerability scans and penetration tests, training employees in cybersecurity best practices, and maintaining up-to-date backups with tested recovery procedures.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://english.vov.vn/en/economy/southeast-asian-businesses-face-400-ransomware-attacks-daily-post1194376.vov