The Vietnam Computer Emergency Response Team (VNCERT), under the Ministry of Information and Communications, has issued warnings as well as offered protection measures to all users to guard against the ransomware and its variations, which target Microsoft Windows - an operating system that is widely used in Vietnam, especially the outdated Windows XP.
Kaspersky has listed Vietnam among the top 20 countries most affected by this ransomware; the other countries and territories include Russia, Ukraine, India, Taiwan, and mainland China.
The VNCERT said the ransomware is extremely dangerous as it is capable of stealing information and decrypting the entire system that has been infected.
Once the computer’s data has been encrypted, or locked down, a message would appear saying that the users’ files are no longer accessible. Should they want to get their data back, users are asked to pay up large sums of money to get a decryption key. The longer the users wait, the higher the ransom money. The hackers behind WannaCry only accept ransom paid via BitCoin, a digital currency that ensures that the transaction cannot be traced.
The State Bank of Vietnam on May 15 confirmed that no Vietnamese credit institutions were affected by the WannaCry ransomware. It urged all banks in the country to take precautions against the ransomware.
Vu Ngoc Son, deputy head of the anti-malware department of Bkav Corporation, the largest internet security firm in Vietnam, said that the WannaCry ransomware’s behaviour is “not new”, but he believes that the use of this ransomware will not really ease up as “it can directly earn large profits for hackers”.
Bkav recommends that all computer users immediately install updates and security patches and hotfixes via Windows Update. Users are also advised to back up valuable data regularly, either to cloud services or to another disk drives, an not click on suspicious links or attached files.
Mac or Linux users are at the moment safe from harm, but there remains a risk they could be infected via the intranet once a member computer is infected.
Currently, an estimated 200,000 victims in 150 different countries are reported to have been hit by the cyberattack.
WannaCry exploits a Windows vulnerability codenamed EternalBlue, which has been patched by Microsoft in an update deployed on March 14. However, not everyone has installed the patch yet, and those who have not are vulnerable to WannaCry.
The exploitation of EternalBlue, suspected to have been developed using a hacking method leaked from US National Security Agency, allows the malware to spread through file-sharing protocols set up across the internal networks of organisations, many of which criss-cross the globe, according to Financial Times.
WannaCry developers have prepared a Q&A section in various languages, offering infected users localised instructions on how to recover data and how to pay the ransom.