New ransomware spreading in Vietnam, nearly 4,000 computers infected

By Bao Nam   December 11, 2018 | 10:32 pm PT
New ransomware spreading in Vietnam, nearly 4,000 computers infected
A malicious code spreading in Vietnam is a fifth generation variant of GandCrab. Photo by Reuters/Kacper Pempel
More than 3,900 computers in Vietnam have been infected with the GandCrab data encryption virus, which takes data hostage for ransom.

According to the Whitehat Security Forum, the malicious code spreading in the country is a fifth generation variant of GandCrab. The first was first discovered by the world in January this year, and has been constantly upgraded with increasing levels of sophistication and complexity.

With nearly 4,000 computers infected, this encryption software could spread on the Internet in Vietnam. By sending the victim a fake e-mail, the hacker prompts the victim to open an attached text file.

This attachment contains GandCrab, and if the victim opens the file, their computer is infected with the malicious code, which then encrypts all the data, rendering it unopenable.

A ransom notice then appears on the computer, instructing the victim to install the Tor browser and pay a fee of $200-1,200 depending on the amount of data encrypted. Bkav, a leading tech software corporation, said none of the victims have made any ransom payment yet.

Security experts recommend that users install antivirus software on their PCs without opening attachments from unknown sources. In case users have to risk it, they can open the file in Safe Run software from Bkav.

Bkav Safe Run divides the system into safe zones called the Green Zone and a control area called Gray Zone. The mechanism diverts all dangerous effects from the Green Zone to the Gray Zone for control. As a result, even users who accidentally open a virus file or web page that contains a malicious code are unharmed.

According to Bkav, last year computer viruses caused Vietnamese users a loss of VND12.3 trillion ($540 million).

go to top