Ransomware as a Service (RaaS)


is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware cyberattacks. Affiliates earn a percentage of each successful ransom payment. Ransomware as a Service (RaaS) is an adoption of the Software as a Service (SaaS) business model. APT groups have also begun to follow the extortion model, enabling a massive increase in frequency and sophistication.

Contact consultant →

Our professional services

  • Consulting

    With a solid background of expertise and experience, and powerful cybersecurity technology solutions, our team is ready to advise organizations and businesses on the right cybersecurity solutions.

  • Cybersecurity solutions

    Our technology partners are the world's leading cybersecurity companies with powerful, modern technology that meets the highest needs of organizations and businesses.

  • Network of partners

    Our network of partners in Vietnam with strong financial, technical and human resources will support organizations and businesses in planning, training, and implementing cybersecurity solutions. .

  • Technical support

    As the direct and exclusive representative in Vietnam, through our network of partners, we provide organizations and businesses with guaranteed genuine licenses.

Become a partner

Contact Us

What is cyber risk?

A cyber risk is a form of business risk or operational risk. It refers to any risk associated with the potential for business losses of all kinds—financial, reputational, operational, productivity-related, and regulatory-related—in the digital domain. It can also cause failures in the physical domain, such as damage to operating equipment.

Has cyber-attacks (RaaS) evolved?


Cyber-attacks, especially those that involve Ransomware, have evolved so much that they’ve created their business ecosystem known as Ransomware as a Service (RaaS). RaaS has lowered the bar of entry into the ransomware business in a multifaceted approach as it raises the stake for its victims.


APT groups have also begun to follow the extortion model, enabling a massive increase in frequency and sophistication. These cyberattacks can affect the availability of business systems and result in the release of -sensitive data, which has severe ramifications on the business, customers, and partners.

The anatomy of a ransomware attack


A threatening voicemail, research into company executives and finances, even step-by-step guides to using cryptocurrency. These are some of the evolving tactics of ransomware groups that have turned this cybercrime into a highly lucrative underground business. As CNN's Clare Sebastian reports, businesses and law enforcement are racing to get ahead of them.


Source: CNN Business

Technology Partners

John&Partners, LLC. Cybersecurity takes pride in being the exclusive representative in Vietnam of leading technology partners in the world

Teel Technologies


Teel Technologies is dedicated to providing he best tools, training and services for professionals tasked with investigating mobile devices and digital media. With a focus on the total lab establishment, training in all skill levels. 

 

Learn more →

Why cybersecurity is a business,

and your business is cybersecurity?

"Protect & Forget" and "Patch & Proceed" policies lack focus on cybersecurity can be significantly damaging to any business. There is the direct economic hard cost of such attacks to the company, such as theft of corporate information, disruption to trading, or even repairing affected systems, resulting in financial loss. As well as the physical impact, cybersecurity breaches can also cause reputational damage.

The real cost is the soft cost. With a lack of faith in the affected business' security, customers will be more inclined to venture elsewhere, resulting in a permanent loss of sales and profits.


Besides the direct hard and soft costs of a cybersecurity breach, there are also legal consequences to deal with in the aftermath. Failure to manage a customer's personal information in light of the recent GDPR, the Sarbanes-Oxley (SOX) Act of 2002, and HIPPA can result in regulatory sanctions. This is regardless of whether the negligence originates from the management or employees of a business.

Can't see the forest

for the trees?


Pass the audits and find yourself “in compliance,” many companies discover this does not mean they are necessarily secure. Companies are commonly attacked as a result of their partners’ or vendors’(SCM) vulnerabilities.

Cyber attacks alert

“The mindset of ‘protect and forget’ or ‘patch and proceed’ is antiquated. Strong security is not a single rigid decision but multiple agile ones.”


"Vietnam's financial institutions and government agencies face a relentless daily onslaught of new attacks. As a result, Vietnam security programs must evolve from reactive and siloed approaches to vigilance and collaboration."


Mr. Nguyen Thanh Tu,

Managing Director - John&Partners, LLC Cybersecurity


The saturated vendor market has swayed organizations to impetuously purchase tools without really considering their organization’s specific need and thus, giving them a false sense of security. High ticketed solutions are unable to effectively detect and prevent the growing number of cyber-attacks.

“Tool bloat” is a term used to describe the heavy investment and rapid adoption of as many security products as an organization's budget permits. These products range from advanced traffic analysis, deception technology, user behavior analytics, next-generation firewalls, intrusion detection systems, SIEMs, and identity management platforms. 


One of the misconceptions that the Mandiant’s report exposed is that aimlessly purchasing tools is not the path to security. This is because the products purchased are not optimized for their environment, but also the tools unintentionally mimic each other in terms of functionality. Instead, organizations should take a multi-layered strategy of complementary controls that are designed for an organization’s specific needs. These controls must also factor in the people processes, and technologies an organization employs. 


During the tests conducted by Mandiant, only 9% of attacks generated security alerts, or 91% did not generate alerts. Many cases security tools are not optimized, which can be a result of unchanged default configurations, security events not making it to the security information and event management (SIEM) solution, unexpected infrastructure changes, the lack of tuning and tweaking after deployment, and the inability to force controls testing. Not to mention, 65% of the time security tools were unable to detect or prevent attempts to bypass policies, with alerts generated only 15% of the time. In the case of malicious file transfers, they were only detected 29% of the time and prevented 37% of the time, but nearly half of attempts were missed and less than a quarter generated an alert.

DATA & NETWORKS CENTRALIZATION VERSUS BLOCKCHAIN DECENTRALIZATION

“The cornerstone of any business’ proper functioning is data security, and thus, data protection is the epicenter of cybersecurity. The usual data protection approach has been the traditional castle, and moat model or outdated centralization practices lead to risks of weakened protection, unreliable mechanisms, and eventually losses of reputation, market, and profits.”


Mr. Nguyen Thanh Tu,

Managing Director - John&Partners, LLC. Cybersecurity

Source: Blockgeeks

Blockchain addresses data centralization by decentralizing it. It distributes data among multiple sources or nodes on the network, and the consensus protocol (PoW) ensures transaction order and prevents unauthorized database entry in a trust-less network. The point is, making unauthorized database entry through a single access point impossible.


Businesses are getting compromised through the unassuming IoT devices they’re using in their networks because the devices are often considered “facilities” devices and are managed by third parties who are not concerned with security, rather than by the organization’s internal corporate IT and security teams. In 2017 alone, US companies suffered from DDoS attacks; 91% of those were IoT-related.


DDoS attacks disrupt entire network infrastructures, obstructing online business operations and eventually leaving them without profits and with a bad reputation. In a similar fashion to data decentralization, Blockchain preserves data integrity by arranging distributed networks. Once more, there is no single point of failure, so users have more advanced data protection

quotes2Artboard 2

"John&Partners helps form a mutually beneficial partnership with innovative technology companies, such as Sepio, Teel Technologies, Netskope, Guardicore, Block Armour, Protect4S and NO MONKEY, to address any technological challenge your company faces. It will take a considerable amount of commitment, time, and trust, and together, we will succeed."

Vivian Ngoc Nguyen, CXO

John&Partners, LLC. Cybersecurity

BLOG

Keep updated with our latest information.

TP-Link fixes critical RCE bug in popular C5400X gaming router

June 5, 2024
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device.

Hackers target Check Point VPNs to breach enterprise networks

June 4, 2024
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a May 27 advisory.

Sav-Rx discloses data breach impacting 2.8 million Americans

June 3, 2024
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack.
Thêm bài viết
Share by: