According to VNCERT, in Vietnam, GandCrab 5.2 is mostly distributed to victims via a fake email of the Ministry of Public Security with the subject ‘Goi trong Cong an Nhan dan Viet Nam’, attached with a ‘documents.rar’ file. When email readers decompress and open the file, the ransomware is activated and then begins to encode all data on the infected computer. A new file is created to request the victim to pay a ransom of around $400 - $1,000 by digital currency so that their data can be decoded.
As said by Mr. Nguyen Minh Duc, Director of CyRadar Information Security, the latest kinds of ransomware have become more and more complex and dangerous.
Statistics from Bkav Cyber Security Company show that last year, the total cost from damaged by computer virus reached an unbelievable amount of VND14,900 billion (approx. $642.3 million), an increase of 21 percent compared to 2017 and an equivalence to0.26 percent Vietnamese GDP.
Noticeably, in 2018, more than 60 percent organizations and companies in Vietnam were infected with ransomware, meaning a grave data loss and serious work deficiency. This signals the nation did not pay sufficient attention to cyber security.
The National Cyber Security Center (NCSC) under the Authority of Information Security (a member of the Ministry of Information and Communications) shared that in the first 2 months of 2019, there were over 210 attacks to install malware onto various information systems in Vietnam.
Kaspersky Security Network also classified Vietnam as one of the top three nations to received the most cyber attacks in 2018. It, therefore, insisted on the necessity for domestic organizations to cooperate with each other to protect the cyber space.
In particular, in January, NCSC signed a Memorandum of Understanding with Kaspersky Lab to deliver practical solutions to address domestic cyber security challenges and enhance the cyberspace protection capability of the Vietnamese government.
Similarly, in 2018, Kaspersky Lab also signed a Memorandum of Understanding with the Vietnam Government Information Security Commission (VGISC) and the Authority of Information Security to develop specific solutions and services aiming at national cyberspace security, in both individual and organizational scales.