Vietnamese Energy Firm Hit by $2.5M Ransomware Attack, Highlighting Growing Cybersecurity Threats
A major Vietnamese energy company, generating billions in annual revenue, fell victim to a large-scale ransomware attack in which hackers encrypted data on 1,000 servers and demanded a $2.5 million ransom. The incident, disclosed by Major Tran Trung Hieu, Deputy Director of the National Cybersecurity Center (A05), underscored the severe risks posed by cyber threats to critical infrastructure.
Unlike private firms, state-owned enterprises in Vietnam are prohibited from paying ransoms due to regulatory restrictions. A05 collaborated with U.S. law enforcement to secure decryption keys, preventing potential data loss that could have forced the company to renegotiate contracts with millions of households incurring substantial financial and operational costs.
Cybersecurity Gaps and Rising Threats
Experts warn that Vietnamese enterprises remain poorly prepared for cyberattacks, with readiness levels ranked at 2 or 3 out of 5. Hoang Duc Hoan (VSEC) and Nguyen Son Hai (Viettel Cybersecurity) highlighted that ransomware remains a top threat in 2025, evolving into a lucrative criminal service where attackers lease malware tools for profit.
Once encrypted, victims face two options: pay the ransom or restore from backups no known method exists to break modern encryption independently. The U.S.-led Counter Ransomware Initiative (CRI) urges victims not to pay, warning that ransom payments fuel further attacks. However, some Vietnamese firms have chosen to pay, risking a cycle of repeat incidents.
Widespread Impact and Vulnerabilities
The National Cybersecurity Association predicts escalating ransomware attacks targeting energy, finance, and public sectors, with malware growing more sophisticated and deeply embedded. Despite repeated warnings from Vietnam’s Ministry of Public Security (MPS), many organizations lack adequate defenses, with low response capabilities, unmonitored systems, and insufficient investment in cybersecurity.
In 2024 alone, 155,640 computers in Vietnam were infected by ransomware, causing tens of trillions of dong in damages including ransom payments, revenue losses, and reputational harm. One enterprise reported VND100 billion ($4.2M) in losses on the first day of an attack, while another faced VND800 billion ($33M) in damages. Yet, experts caution that reported cases represent only a fraction of the true impact.
Evolving Attack Strategies
Cybercriminals are deploying more dangerous and methodical tactics, with ransomware targeting large-scale extortion and advanced persistent threats (APTs) silently stealing sensitive data. BKAV Corporation noted that 60% of Vietnamese enterprises lack proper cybersecurity measures, leaving them vulnerable to millions of new malware variants emerging daily.
The incident at the energy firm serves as a critical warning of the growing sophistication and financial incentives behind cyberattacks, with experts stressing that prevention and preparedness are the only effective defenses.
Source: https://vietnamnet.vn/en/vietnam-energy-company-hit-by-2-5-million-ransomware-attack-2410202.html
Vietnam Electricity cybersecurity rating report: https://www.rankiteo.com/company/vietnam-electricity
"id": "VIE1773858713",
"linkid": "vietnam-electricity",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'millions of households',
'industry': 'energy',
'location': 'Vietnam',
'name': 'Unnamed major Vietnamese energy company',
'size': 'billions in annual revenue',
'type': 'state-owned enterprise'}],
'data_breach': {'data_encryption': 'data on 1,000 servers encrypted'},
'description': 'A major Vietnamese energy company fell victim to a '
'large-scale ransomware attack in which hackers encrypted data '
'on 1,000 servers and demanded a $2.5 million ransom. The '
'incident highlighted severe risks posed by cyber threats to '
'critical infrastructure.',
'impact': {'brand_reputation_impact': 'reputational harm',
'data_compromised': 'data on 1,000 servers encrypted',
'financial_loss': 'tens of trillions of dong (VND100 billion - '
'$4.2M on first day; VND800 billion - $33M in '
'damages reported in some cases)',
'operational_impact': 'potential renegotiation of contracts with '
'millions of households, substantial '
'operational costs',
'revenue_loss': 'tens of trillions of dong in damages, including '
'revenue losses',
'systems_affected': '1,000 servers'},
'lessons_learned': 'Vietnamese enterprises remain poorly prepared for '
'cyberattacks, with low readiness levels and insufficient '
'investment in cybersecurity. Ransomware is evolving into '
'a lucrative criminal service, and prevention/preparedness '
'are critical defenses.',
'motivation': 'financial gain',
'post_incident_analysis': {'corrective_actions': 'Enhance monitoring, invest '
'in cybersecurity defenses, '
'improve incident response '
'plans, and avoid ransom '
'payments.',
'root_causes': 'Poor cybersecurity preparedness, '
'unmonitored systems, insufficient '
'investment, and low response '
'capabilities.'},
'ransomware': {'data_encryption': 'data on 1,000 servers encrypted',
'ransom_demanded': '$2.5 million',
'ransom_paid': 'false (state-owned enterprises prohibited from '
'paying ransoms)'},
'recommendations': 'Enhance cybersecurity measures, improve monitoring, '
'invest in defenses, avoid ransom payments, and '
'collaborate with law enforcement for decryption support.',
'references': [{'source': 'Major Tran Trung Hieu, Deputy Director of the '
'National Cybersecurity Center (A05)'},
{'source': 'Hoang Duc Hoan (VSEC)'},
{'source': 'Nguyen Son Hai (Viettel Cybersecurity)'},
{'source': 'National Cybersecurity Association'},
{'source': 'BKAV Corporation'}],
'regulatory_compliance': {'regulatory_notifications': 'Ministry of Public '
'Security (MPS) '
'warnings'},
'response': {'law_enforcement_notified': 'National Cybersecurity Center '
'(A05), U.S. law enforcement',
'remediation_measures': 'secured decryption keys to prevent data '
'loss',
'third_party_assistance': 'U.S. law enforcement (for decryption '
'keys)'},
'stakeholder_advisories': 'U.S.-led Counter Ransomware Initiative (CRI) urges '
'victims not to pay ransoms to avoid fueling '
'further attacks.',
'title': 'Vietnamese Energy Firm Hit by $2.5M Ransomware Attack',
'type': 'ransomware'}