2024 Demystifying Ransomware: How Data Encryption Attacks Take Hold and Hold You Hostage

Cyber security experts describe an eight-step ransomware data encryption attack and emphasize that attacks through zero-day security vulnerabilities are almost impossible to stop.

On April 5, the Vietnam Information Technology Press Club (Vietnam ICT Press Club) coordinated with the National Cyber Security Association to organize the seminar "Preventing ransomware data encryption attacks".

There, Mr. Vu Ngoc Son, Technical Director of NCS National Cyber Security Technology Joint Stock Company and Head of the Technology Research Department of the National Cyber Security Association, described in detail how a ransomware data encryption attack unfolds.

Mr. Vu Ngoc Son, Technical Director of National Cyber Security Technology Joint Stock Company (NCS), predicted that encryption attacks will continue in the future (Photo: Cuong Quyet).

Accordingly, a data encryption attack will include 8 steps:

1. Search

First, hackers try to find vulnerabilities in the system, for example by scanning websites, mail servers, and software for vulnerabilities. These are often zero-day vulnerabilities (unpatched or unpublished vulnerabilities), so they are unknown to users and manufacturers.

Attacks through zero-day vulnerabilities are nearly impossible to prevent. It usually takes hackers several months to find such a vulnerability, not a day or two. While hackers are searching, if we monitor well and know what we are looking for, we can stop them early and avoid the risk of a data encryption attack.

2. Intrusion

Hackers take control of a server, an administrator's machine, or a user's machine. This stage often happens very quickly, sometimes in just a few minutes, especially through zero-day vulnerabilities, and it is often difficult to prevent.

3. Lying undercover

This is a very important step for hackers as well as for system administrators. It usually lasts 3-6 months. If there is the ability to monitor and detect during this period, the attack can still be prevented.

Lying undercover helps hackers collect information and identify important targets. Hackers aim to learn 3 things: where important data is located, what the user management system is like, and what the mission of the IT systems is in that organization or business.


4. Encryption

At this point, the hackers run encryption tools. They encrypt data with the same kinds of tools that users use to encrypt their own data. The tool can be a public one or one customized for faster encryption.

5. Clean up

Before they are discovered, the hackers promptly delete all access data. This is very important for them because systems often store access logs. Hackers can find out where the system stores its logs and clean up the access logs to erase their traces. After cleaning up, they start asking for money.
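One way to look for the cleanup described in step 5 is to check an access log for stretches where entries are missing. This is an added example, not from the seminar or the original article; the log format (Common Log Format), the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample (not from the article): a web access log in Common Log
# Format from which the entries between 02:05 and 03:40 have been deleted.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Apr/2024:02:00:05 +0700] "GET / HTTP/1.1" 200 512
192.0.2.11 - - [05/Apr/2024:02:01:10 +0700] "GET /news HTTP/1.1" 200 2048
192.0.2.10 - - [05/Apr/2024:02:02:30 +0700] "GET /login HTTP/1.1" 200 734
192.0.2.12 - - [05/Apr/2024:02:04:00 +0700] "POST /login HTTP/1.1" 302 0
192.0.2.11 - - [05/Apr/2024:02:05:15 +0700] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [05/Apr/2024:03:40:20 +0700] "GET / HTTP/1.1" 200 512
192.0.2.12 - - [05/Apr/2024:03:41:00 +0700] "GET /news HTTP/1.1" 200 2048
192.0.2.11 - - [05/Apr/2024:03:42:10 +0700] "GET /about HTTP/1.1" 200 901
"""

TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def parse_times(text):
    """Return the timestamp of every log line that carries one, in file order."""
    return [datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            for m in map(TIMESTAMP.search, text.splitlines()) if m]

def find_gaps(times, factor=10, floor_seconds=600):
    """Flag suspicious spacing between neighbouring entries.

    "gap": spacing above max(floor_seconds, factor * median spacing),
    which is what a deleted block of entries leaves behind.
    "out_of_order": time runs backwards, which suggests spliced lines.
    """
    pairs = list(zip(times, times[1:]))
    deltas = [(b - a).total_seconds() for a, b in pairs]
    if not deltas:
        return []
    limit = max(floor_seconds, factor * median(deltas))
    findings = []
    for (a, b), delta in zip(pairs, deltas):
        if delta < 0:
            findings.append(("out_of_order", a, b))
        elif delta > limit:
            findings.append(("gap", a, b))
    return findings

if __name__ == "__main__":
    for kind, before, after in find_gaps(parse_times(SAMPLE_LOG)):
        print(f"{kind}: no entries between {before} and {after}")
```

A gap is only a lead, since quiet hours produce them too; comparing against a copy of the log forwarded off the host, which an intruder on the server cannot clean, settles whether entries were removed.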
