Novel Vietnam-based ransomware operation detailed

Organizations in China, Vietnam, and Bulgaria, as well as English-speaking countries, have been targeted by a new Vietnam-based ransomware operation that emerged in early June, CyberScoop reports. The group's attacks used a Yashma ransomware variant that downloads its ransom note from a GitHub repository in a bid to bypass endpoint detection systems, according to a report from Cisco Talos. The operation has been attributed with "moderate confidence" to a Vietnam-based actor after the ransom note was found to spoof a Vietnamese entity and to indicate time zones overlapping with Vietnam. Researchers also found that the ransom note, which resembles those used by WannaCry, warns that the ransom will double if impacted entities do not pay within three days and that file recovery will be prevented entirely if payment is not made within a week. The findings come amid an Akamai report revealing that the number of ransomware victims rose by 143% during the first three months of 2023 over the same period last year, due to more prevalent exploitation of zero- and one-day flaws.
