
Two notorious hacker groups with ransomware 2.0, Vietnam in sight

Monday, May 31, 2021 16:30 PM (GMT+7)

Notorious hacker groups are still looking for targets for ransomware attacks that encrypt data and demand a ransom.

According to Kaspersky’s latest report, 2020 was the year of the Ransomware 2.0 wave in the Asia-Pacific region (APAC). The report also reveals more information about two notorious ransomware groups: REvil and JSWorm.

Ransomware 2.0 refers to ransomware groups that carry out targeted attacks, not only stealing data but also using the stolen data to extort money. A successful attack causes significant financial and reputational damage to the victim.

Ransomware is a type of malicious code that is dangerous because it involves user data.

Alexey Shulmin, Head of Malware Analysis at Kaspersky, said: “2020 has been a fruitful year for ransomware groups as they transition from storage operations to data theft and extortion. In APAC, we see the rise of two active groups: REvil and JSWorm. Both appeared when the pandemic spread throughout the region and there is no sign of stopping in the near future.”

REvil (also known as Sodinokibi, Sodin): Kaspersky first reported on the REvil ransomware in July 2019. The group initially spread through an Oracle WebLogic vulnerability and carried out attacks on MSPs (managed service providers). REvil’s attacks peaked in August 2019 with 289 potential victims and gradually decreased by mid-2020.

“In 2019, the majority of victims were concentrated in APAC, specifically Taiwan, Hong Kong and South Korea. Until last year, Kaspersky detected the presence of most countries and territories on this group’s attack map. It can be said that during the period of silence, REvil has spent time improving its arsenal, methods of finding victims, and network reach,” Shulmin shared.

Even so, APAC is still REvil’s top target area. Of the 1,764 users hacked in 2020, 635 companies (36%) were from this region. In terms of specific countries and territories, Brazil had the highest number of incidents, followed by Vietnam, South Africa, China and India.

Based on data leaked on the cybercriminal group’s own website, Kaspersky experts classified the targets by industry: Engineering and Manufacturing account for 30%, followed by Finance (14%) and Customer Service (9%). Legal, IT and Telecommunications, F&B together accounted for 7%.


Computers can be encrypted by crooks with just a small mistake.

Just like REvil, JSWorm (also known as Nemty, Nefilim, Offwhite, Fusion, Milihpen,…) contributed to the 2019 ransomware landscape, with more diverse targets. During its first months of operation, it was found all over the world, from North America to South America (Brazil, Argentina, USA), the Middle East and Africa (South Africa, Turkey, Iran), Europe (Italy, France, Germany) and APAC (Vietnam).

Compared to REvil, the number of JSWorm victims is quite small, but this group attacks on a larger scale. Notably, Kaspersky experts detected a shift in this group’s attacks toward APAC, with 39% of the corporations and individuals targeted in 2020 coming from the region. China is the country with the highest number of JSWorm infections globally, followed by the US, Vietnam, Mexico and Russia.

Regarding targeted industries, JSWorm focused largely on critical infrastructure worldwide: 41% of attacks targeted Engineering and Manufacturing companies; others included Energy and Utilities (10%), Finance (10%), Customer Service (10%), Transportation (7%) and Healthcare (7%). These figures are based on information leaked from the JSWorm website itself.

To ensure safety against the wave of Ransomware 2.0, Kaspersky recommends:

– Update operating system and software patches.

– Train employees on cybersecurity when working remotely.

– Use only secure technologies for remote connections.

– Perform internal network testing and evaluation.

– Use endpoint security with behavior detection and file auto-recovery, such as Kaspersky Endpoint Security for Business.

– Never follow a cybercriminal’s request; do not act alone, but contact the relevant party who can help.

