New ransomware GandCrab attacks Vietnamese enterprises

• Is Vietnam ready for the next ransomware attack?
• Few computers in Vietnam remain infected with WannaCry ransomware
• Ministry issues warnings and protection measures against WannaCry ransomware attacks

Once infected, all data files on the user's computer will be encrypted, and the file extension will be changed to *.GDCB or *.CRAB. From this point, the infected files become unusable.

To decrypt the file, the ransomware generates a file named CRAB-DECRYPT.txt, and requests user to pay a ransom of 400 to 1000 USD in the e-currency of DASH.

The malware is distributed through the RIG Exploit Kit. Photo: VNN

VNCERT claimed that GandCrab is a very dangerous ransomware. VNCERT recommended enterprises and other users to block connection to the GandCrab host server and update anti-virus software such as IDS/IPS, Firewall.

Computer users should not open or click on links or email's attachments containing .doc, .pdf, .zip files sent from strangers, or from acquaintances but with an unusual title or language.

In case of detecting infected computers, organizations and enterprises should immediately isolate the infected computer and notify VNCERT for early treatment.

In the first two months of 2018, more than 1,500 cyber attacks were recorded in Vietnam, including 962 Deface attacks, 324 Malware attacks and 218 Phishing attacks. These included hundreds of attacks on websites of State agencies with the domain name ".gov.vn".