Major Tran Trung Hieu, Deputy Director of the National Cybersecurity Center under A05, revealed that the affected energy company, with annual revenue of billions of dollars was the victim of a ransomware attack on 1,000 servers, with hackers demanding $2.5 million in ransom.
The problem is that while private companies can pay money in exchange for encrypted data from hackers, state enterprises cannot as there is no regulation allowing them to do that.
A05 collaborated with a US law enforcement body to resolve the issue, securing decryption keys for the company, and if not, it might lose all data. If the problem had not been solved, the company would have faced data loss, which would have forced it to renegotiate and resign contracts with millions of households, costing significant time and money.
Cybersecurity challenges
Hieu noted that many Vietnamese companies are unprepared enough for cyber threats. “From my perspective, the cybersecurity readiness of Vietnamese enterprises is at level 2 or 3 at maximum,” he said.
Hoang Duc Hoan from VSEC asserted that ransomware is still one of the biggest threats in 2025.
Experts explained that once data is encrypted, there are only two options to deal with the problem, either paying ransom or using backups to restore data. To date, there has been no method to independently break hackers’ encryption algorithms.
The US-led Counter Ransomware Initiative (CRI) has issued a joint policy statement among countries, calling on victims not to pay ransom to hackers; otherwise, it will create a bad and especially dangerous precedent.
Experts recommend reporting attacks to authorities, preserving evidence, investigating internal and external factors, clarifying responsibilities, and implementing deterrents to prevent recurrence.
In fact, in recent days, some victims in Vietnam chose to pay ransom to restore data. However, experts say that when hackers collect ransom from victims, it will create an incentive for hackers to continue to attack other victims in Vietnam.
The National Cybersecurity Association predicted increased ransomware attacks targeting critical business fields, including energy, finance, and public agencies. These attacks may involve deeply embedded malware, with complex developments anticipated.
Meanwhile, although the MPS’s Department of Cyber Security and High-Tech Crime Prevention and Control and related agencies have repeatedly warned, the awareness of the role and importance of ensuring network safety and security of most information system owners is still limited.
The capacity to respond and handle and overcome problems in cyber attacks is still low; many important information technology systems are not developed synchronously, not monitored, inspected, and evaluated periodically and regularly, and have technical weaknesses and security vulnerabilities; compliance with procedures and regulations on ensuring network security is not strict; and investment to serve the work of ensuring network system security is still modest.
Nguyen Son Hai, CEO of Viettel Cybersecurity, emphasized that ransomware remains a major societal and business threat. “These incidents are nearly irreversible without early preparation,” he said.
Hai noted that ransomware has evolved into a lucrative business model. “Ransomware and DDoS attacks are now services. Professional groups develop tools, others buy them to attack for profit. As attacks become popularized, the number of attackers will increase, making ransomware a significant issue in the coming years,” he explained.
According to BKAV Corporation, in 2024, as many as 155,640 computers in Vietnam were attacked by ransomware, a type of malware that encrypts data to extort money. The damages to organizations in Vietnam reached tens of trillions of dong, including ransom payments to hackers, direct revenue losses from system downtime, customer loss, and brand reputation damage.
For example, one enterprise lost over VND100 billion on the first day of a ransomware attack. Another faced damages estimated at VND800 billion after an attack.
However, experts noted that these visible losses are just the tip of the iceberg. In recent years, requests for assistance due to ransomware attacks have flooded authorities and businesses with increasing frequency.
Bkav’s research highlights that viruses are becoming more dangerous and sophisticated, with clear, methodical attack strategies. Ransomware targets enterprises for massive extortion, while advanced persistent threats (APTs) silently infiltrate organizations to steal sensitive intelligence.
“Every day, millions of new virus samples emerge, and the damages from malware are devastating. Meanwhile, in Vietnam, 60 percent of enterprises lack adequate cybersecurity solutions,” said Nguyen Dinh Thuy, head of Bkav’s malware research department.
Thai Khang
