On April 15, a representative of tech giant CMC officially addressed recent reports of a ransomware attack. The company clarified that only a specialized service, limited in deployment and provided by a medium-sized subsidiary to a small group of clients, had shown signs of a targeted cyberattack.

According to CMC, all core systems and services across its main business units remain unaffected and continue to operate safely and stably. “As soon as the incident was detected, we immediately activated our cybersecurity response protocols, swiftly isolated the attack source, and fully regained control within 24 hours. Service was only briefly interrupted and has since been completely restored, with no impact on customer experience,” the spokesperson said.

Following resolution of the incident, CMC proactively notified affected customers and relevant partners via email, providing full details of the incident and its resolution.

The group reiterated its commitment to service safety across all subsidiaries and confirmed that all technical systems are currently operating normally.

CMC is now working closely with government authorities to investigate the incident further. “Once the official findings are finalized and approved, we will provide full information to the press, customers, and partners,” the company stated.

Growing threat of ransomware in Vietnam

The incident is part of a broader surge in sophisticated ransomware attacks targeting Vietnamese organizations. Since late March 2024, numerous major institutions - including Vietnam Post, VNDIRECT, PVOIL, banks, and retail chains - have suffered ransomware breaches resulting in significant damages.

The Vietnam Cybersecurity Association warned that ransomware could already be deeply embedded within the systems of key government, financial, and energy institutions.

According to the Department of Cybersecurity and High-Tech Crime Prevention under the Ministry of Public Security, while digital transformation has brought immense value to society and businesses, it has also made these entities prime targets for both domestic and international hacker groups.

Critical infrastructure in electricity, banking, securities, payment intermediaries, telecommunications, oil and gas, and healthcare sectors has become increasingly vulnerable to large-scale, high-impact attacks.

Such breaches can cripple operations, halt transactions, and result in the loss of sensitive data - much of which is essential to the functioning of entire organizations and must remain constantly available.

Lieutenant Colonel Nguyen Ba Son, Secretary General of the National Cybersecurity Association, noted that the Counter Ransomware Initiative (CRI) - a global effort led by the United States - has urged victims not to pay ransom demands, as doing so could set a dangerous precedent and embolden future attacks.

The association predicts that ransomware attacks targeting Vietnam’s critical institutions will continue to escalate in complexity and scale. Despite repeated warnings from cybersecurity agencies, awareness of cybersecurity risks among IT system administrators remains limited, response capabilities are weak, and many essential systems suffer from poor monitoring, outdated infrastructure, and technical vulnerabilities.

Compliance with cybersecurity protocols is still inconsistent, and investment in cybersecurity resources remains inadequate.

Thai Khang