
How to protect your corporate network from ransomware (EN)


The Sudden Rise of Ransomware and Data Hacking

Ransomware refers to malicious software in which a hacker encrypts the victim’s system or data to make it inaccessible and demands a ransom payment.

In Start-Up, a popular television series by tvN, the protagonist’s start-up company is attacked by ransomware and receives a threat from the hacker that all recovery keys for the encrypted files will be destroyed if they don’t transfer 300 million KRW within 12 hours. 

Scenes from Start-Up depicting a ransomware attack (tvN)

The attack starts when a newly hired developer opens Port 20 to connect to the server over SSH (Secure Shell) for remote work. Because the product is still in the beta-testing stage, the files have not even been backed up. 
In the end, the protagonist finds a trace of a suspicious file in the Scheduler library and eventually defeats the ransomware by obtaining the restore keys. 
While the incident is depicted only briefly in the show, ransomware, spyware, and phishing attacks that hide malicious code on a computer to steal customer data are extremely common types of data security incident.

What is Ransomware?

Ransomware is a form of malicious software (malware) that blocks access to computer systems or files until a certain amount of money or ransom is paid. Such cyberattacks involve encrypting victims’ data, rendering it inaccessible. Attackers commonly demand payment in cryptocurrency in exchange for the decryption key or unlocking the system. According to the Threat Intelligence Index published by IBM Security X-Force in 2023, 17% of cyberattacks that occurred in 2022 were ransomware attacks.

Ransomware spreads via phishing emails and malicious websites, as well as by exploiting software flaws. It uses malicious code to break into the system and encrypts the files or the entire system, limiting or blocking victims’ access to the data. Afterward, attackers permanently delete the files or demand a ransom payment, threatening that they will increase the amount of ransom if it’s not paid by the deadline.

A Case of a Ransomware Attack in Vietnam

There was a client in Vietnam who had been operating an outdated ERP for roughly 10 years and opted to have it migrated to the cloud. This was because a Vietnamese corporation took over their Thai factory, which housed the server, requiring the ERP database to be transferred to the cloud. 
While migrating this 10-year-old, 20TB database (MySQL) to Vietnam, the administrator accidentally exposed the database server on the internet and received the following email two days later.



“To recover your lost database, send 0.02 Bitcoin (BTC) to our Bitcoin address.

………………..  After this, contact us by email with your server IP or domain name and proof of payment (payment ID).

Your database is downloaded and backed up on our servers. Any email without your server IP address or domain name and proof of payment together will be ignored. If we don't receive your payment within the next 10 days, we will delete or leak your sensitive information.”

As of December 1, 2023, 1 BTC is worth about 30 million KRW. Thus, 0.02 BTC is about 600,000 KRW. 

Although this is not a large sum of money, attackers would give back only part of the data upon receiving the payment and demand another ransom for the remaining data. At first, they propose a small ransom for relatively unimportant data and then demand a much larger amount of money in exchange for crucial data. Furthermore, most SMEs don’t possess a Bitcoin account or don’t know how to make a transfer using one. With these repeated payments, the total amount of ransom soon reaches 10 million or even 100 million KRW.

How is a System Hacked?

To find out whether your system has been hacked, you should first check the logs and find the IP addresses that connected to your database server so you can identify their country and region. 
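The log check described above can be scripted. The following is an added example, not code from the original post: it reads lines in the MySQL general query log layout and reports every client IP that falls outside the networks expected to reach the database. The allowed networks and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: only the application tier and one admin bastion may reach the database.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "10.0.9.5/32")]

# Constructed sample in the MySQL general query log layout; not taken from the incident.
SAMPLE_LOG = """\
2023-11-28T02:10:01.100200Z\t   11 Connect\terp_app@10.0.1.20 on erp using TCP/IP
2023-11-28T03:12:45.300100Z\t   12 Connect\troot@203.0.113.7 on  using TCP/IP
2023-11-28T03:12:46.000900Z\t   12 Query\tSHOW DATABASES
2023-11-28T03:15:02.700000Z\t   13 Connect\troot@203.0.113.7 on erp using TCP/IP
2023-11-28T04:01:17.000000Z\t   14 Connect\tbackup@localhost on  using Socket
2023-11-28T05:40:09.100000Z\t   15 Connect\tadmin@198.51.100.23 on  using TCP/IP
2023-11-28T05:40:09.500000Z\t   15 Connect\tAccess denied for user 'admin'@'198.51.100.23' (using password: YES)
"""

# Matches both "user@host on ..." and "Access denied for user 'user'@'host'" entries.
CONNECT_RE = re.compile(
    r"Connect\t(?P<denied>Access denied for user )?'?(?P<user>[^'@\s]+)'?@'?(?P<host>[^'\s]+)'?"
)

def unexpected_sources(log_text):
    """Return {ip: {"users", "connects", "denied"}} for clients outside ALLOWED_NETS."""
    found = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a connection event
        try:
            ip = ipaddress.ip_address(m["host"])
        except ValueError:
            continue  # socket or hostname entries (e.g. localhost) carry no IP to check
        if any(ip in net for net in ALLOWED_NETS):
            continue
        entry = found.setdefault(str(ip), {"users": set(), "connects": 0, "denied": 0})
        entry["users"].add(m["user"])
        entry["denied" if m["denied"] else "connects"] += 1
    return found

if __name__ == "__main__":
    for ip, info in unexpected_sources(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), info["connects"], info["denied"])
```

The addresses it reports are the ones to look up for country and region.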

If the database server uses a public IP or is exposed to the outside world, hackers can figure out its IP and port information without much hassle. (There are even websites that give access to such information.) 

Ransomware hackers also leave a note specifying their demands where the system administrator can easily come across it. In the image below, you can see how the hacker kindly left the amount of Bitcoin to be paid in the MySQL table, as well as their Bitcoin address and a temporary email address.

Example of a typical ransomware attack (MySQL table) Source: Google Search

A normal database server is vulnerable to hacking if it: 

  • allows remote access from the outside
  • uses default values in MySQL (username and port values)
  • uses simple passwords (12345678, pass1234, etc.)
  • is attacked by an inactive, suspicious account
  • doesn’t carry out automatic updates or patches for a long time

Preventing Ransomware Attacks

Protecting a database server from hacking requires effort from users. While AWS is said to be an extremely secure cloud platform, it’s still important to take basic precautions. 

The following are strategies proposed by the Ministry of Science and ICT and the Korea Internet & Security Agency to prevent ransomware attacks. 

  • Build a web application database using a 3-tier architecture
  • Do not allow external IPs or ports to access the database (Don’t use default port values for key services)
  • If allowing external access, make sure it is via SSH and grant access only to certain accounts
  • Perform regular backups 
  • Change passwords regularly
  • Encrypt each database table individually
  • Do not use default port values
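Several items from the two checklists above (remote exposure, default port and username, password age) can be checked mechanically. The following is an added example, not code from the original post or from the agencies it cites: it audits a `my.cnf` fragment and account rows shaped like `mysql.user` columns. The sample data and the 90-day password age are assumptions.

```python
import configparser
from datetime import date

DEFAULT_PORT = "3306"
MAX_PASSWORD_AGE_DAYS = 90  # assumption: local policy, not a figure from the article

# Constructed my.cnf fragment and account rows (columns as in mysql.user); not real data.
SAMPLE_CNF = """
[mysqld]
bind-address = 0.0.0.0
port = 3306
skip-name-resolve
"""
SAMPLE_ACCOUNTS = [
    {"user": "root", "host": "%", "password_last_changed": date(2014, 3, 2)},
    {"user": "erp_app", "host": "10.0.1.20", "password_last_changed": date(2023, 11, 1)},
    {"user": "root", "host": "localhost", "password_last_changed": date(2023, 10, 15)},
]

def audit(cnf_text, accounts, today):
    """Return a list of findings for the exposure items in the checklists."""
    findings = []
    cnf = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cnf.read_string(cnf_text)
    mysqld = cnf["mysqld"] if cnf.has_section("mysqld") else {}
    bind = mysqld.get("bind-address") or "*"  # unset: server listens on all interfaces
    if bind in ("*", "0.0.0.0", "::"):
        findings.append(f"listener bound to all interfaces ({bind})")
    if (mysqld.get("port") or DEFAULT_PORT) == DEFAULT_PORT:
        findings.append("default port 3306 in use")
    for acc in accounts:
        name = f"{acc['user']}@{acc['host']}"
        if "%" in acc["host"]:
            findings.append(f"{name}: wildcard host allows login from any address")
        if acc["user"] == "root" and acc["host"] not in ("localhost", "127.0.0.1", "::1"):
            findings.append(f"{name}: default admin username reachable remotely")
        age = (today - acc["password_last_changed"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"{name}: password unchanged for {age} days")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF, SAMPLE_ACCOUNTS, date.today()):
        print(finding)
```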

Above all, implementing preventive measures and backups is key to security management. 

In collaboration with various security management solutions in Vietnam and Korea, Tech Valley offers cybersecurity solutions that assess the level of security at companies, encrypt their databases and data, detect break-ins, and so forth. This is primarily done using technology and experts specializing in cloud solutions as well as technological partnerships with third-party solutions.


 

Vietnam IT Blogger | Tech Valley CEO Doyeon (Patrick) Kim

go2hanoi (KakaoTalk),  patrick@techvalley.biz

** The copyright for this post is owned by Patrick Kim. This content is intended for publication, and individuals seeking to quote or reproduce it must obtain prior permission.

Feb. 21, 2024・Translated and Published by Uptempo Global
