Through monitoring and supervision, the Department of Information Security has noticed the emergence of ransomware attacks targeting many agencies, organizations and businesses in Vietnam, especially in important fields such as finance, banking, energy, telecommunications, etc., causing property damage, reputational damage, and business interruption for the affected units.
According to the Department of Information Security, ransomware attacks today often start from a security weakness of an agency or organization. Attackers penetrate the system, maintain their presence, and expand the scope of their intrusion. From there, hackers can control the organization's information technology infrastructure, paralyzing the system.
Faced with this situation, the Department of Information Security has developed a handbook on a number of measures to prevent, combat, and minimize risks from ransomware attacks for organizations and businesses, aiming to ensure national cyberspace security.
9 measures to prevent and minimize the risk of ransomware attacks
The handbook of the Department of Information Security lists 9 measures to prevent and minimize the risk of ransomware attacks for organizations and businesses.
First, build a backup and data recovery plan for important information systems according to the 3-2-1 backup rule: keep 3 copies of the data on different storage media, spread over at least 2 different types of media, with at least one copy kept offline.
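The 3-2-1 rule is easy to state and easy to drift away from: a site that replicates one NAS to two more NAS boxes has three copies but fails both the "two media types" and the "one offline copy" conditions, and every copy is reachable by an intruder who has the network. The following checker is an added example (not part of the handbook or the article) that audits a constructed backup inventory against the three conditions and reports which one each system misses; the system names, media labels and `BackupCopy` structure are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class BackupCopy:
    label: str      # where the copy lives, e.g. "primary NAS" (assumed field)
    media: str      # medium type, e.g. "disk", "tape", "object-storage"
    offline: bool   # True if the copy is disconnected from the production network


def check_321(copies: List[BackupCopy]) -> Tuple[bool, List[str]]:
    """Evaluate one system's copies against the 3-2-1 rule.

    Returns (compliant, findings). An empty findings list means all three
    conditions hold: at least 3 copies, at least 2 media types, at least
    1 offline copy.
    """
    findings: List[str] = []

    # Condition 1: three copies of the data.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copy/copies, rule requires 3")

    # Condition 2: at least two different media types.
    media_types = {c.media for c in copies}
    if len(media_types) < 2:
        present = ", ".join(sorted(media_types)) or "none"
        findings.append(f"all copies on one medium ({present}), rule requires 2 types")

    # Condition 3: at least one copy that ransomware on the network cannot reach.
    if not any(c.offline for c in copies):
        findings.append("no offline copy; an intruder on the network can reach every copy")

    return (not findings, findings)


def audit_inventory(inventory: Dict[str, List[BackupCopy]]) -> Dict[str, Tuple[bool, List[str]]]:
    """Run check_321 over every system in the inventory."""
    return {system: check_321(copies) for system, copies in inventory.items()}


# Constructed sample inventory for demonstration; not real infrastructure.
SAMPLE_INVENTORY: Dict[str, List[BackupCopy]] = {
    "core-banking-db": [
        BackupCopy("primary NAS", "disk", False),
        BackupCopy("offsite object storage", "object-storage", False),
        BackupCopy("weekly tape in vault", "tape", True),
    ],
    # Three copies, but all disk and all online: fails two conditions.
    "mail-server": [
        BackupCopy("primary NAS", "disk", False),
        BackupCopy("secondary NAS", "disk", False),
        BackupCopy("replica NAS", "disk", False),
    ],
    # A single online copy: fails all three conditions.
    "vcenter": [
        BackupCopy("primary NAS", "disk", False),
    ],
}


if __name__ == "__main__":
    for system, (ok, findings) in audit_inventory(SAMPLE_INVENTORY).items():
        status = "OK" if ok else "NON-COMPLIANT"
        print(f"{system}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

The offline condition is the one that matters most against ransomware: replication and snapshots on the same network are encrypted or deleted along with the primary data, so the checker treats "three online copies" as a failure rather than partial credit.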
Next, implement strong authentication for accounts that access the system. This includes setting a strong password policy for all administrative accounts and accounts with access to important systems, and enabling multi-factor authentication (MFA) for all services where possible, especially email, VPN and vCenter.
In addition, network access must be strictly segmented: place important resources in their own segments, separate the administrative network from the user network, and use firewalls to control access between zones.
For critical systems, the principle of least privilege can be applied: do not use admin accounts for routine operations, disable unnecessary features, periodically review admin accounts, and grant privileges only for a limited time.
Because hackers often exploit vulnerabilities to gain entry, organizations need to periodically scan for vulnerabilities and apply patches. Update software, operating systems, hypervisors, and related IT infrastructure to the latest versions, ensuring patches are downloaded from trusted sources.
In addition, limit the use of remote control tools such as TeamViewer and AnyDesk. Next, review all remote access accounts that use VPN, restrict what resources VPN users can reach, and require MFA on all VPN connections.
The Handbook on preventing and minimizing risks from ransomware attacks can be downloaded at khonggianmang.vn.
Ransomware prevention also includes continuous monitoring to detect intrusions, proactive hunting for signs of attack by scanning for malware, referring any malware found to specialized information security units for handling, checking malware alerts on servers, and regularly updating indicators of compromise for APT malware.
Finally, plan the ransomware response process in advance: develop an overall plan, keep the documentation for each stage up to date, prepare a communication plan, create a to-do list, train employees regularly on IT security, and monitor systems after an incident.
System recovery after ransomware attack detection
The Information Security Department's handbook also includes some instructions for restoring systems after detecting a ransomware attack.
First, identify the affected systems and isolate them on the network by blocking connections to and from these systems and network areas. If the connections cannot be blocked, isolate the systems by unplugging the network cable.
Next, sort the affected systems for recovery in a separate network area, prioritize the recovery of critical systems, ensure the server operating systems are restored safely, and identify the files to be recovered.
In addition, collect data from the servers and malware samples from the system, analyze encrypted data samples to identify the ransomware, and consult the authorities for a decryptor if one is available.
Finally, determine the scope of impact and whether data may have been stolen, and identify the list of affected accounts belonging to the organization's users and customers.
If you need assistance, you can contact the specialized agencies on information security, including the Vietnam Cyberspace Emergency Response Center (VNCERT/CC) and the National Cyber Security Monitoring Center (NCSC).