Ransomware using Remote Desktop to spread itself

According to an article over at SC Magazine, hackers are using brute force to crack their way into Remote Desktop / Terminal Servers and installing a CryptoLocker type malware that is encrypting the files on the server.

The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.

This makes perfect sense. Why bother with trying to trick employees into clicking on a fake link to install malware when you can go directly after a server.

Take Precautions 

  1. If you don’t need RDS then disable it on all servers
  2. Don’t have RDS exposed directly to the Internet. Require VPN access to get to any internal servers
  3. Implement account lockout on all user accounts
  4. Use 2 Factor Authentication to log into servers via RDS or Citrix
badge w light burst white (1)
Exclusively for Our MSP Partners

Now Available: Gen AI Certification From BSN

Lead Strategic AI Conversations with Confidence

Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.

More on blogs

What Is the AI Culture Assessment? A Smarter Starting Point for Responsible AI Adoption

AI is already showing up in the workplace, but many organizations lack visibility into how it is being used. The AI Culture Assessment helps MSPs

Phishing Tests Aren’t Enough: Why Remediation Is the Missing Link in Security Awareness

Phishing simulations show who clicks, but without follow-up, they rarely change behavior. Phishing remediation closes the gap by turning failures into learning opportunities, reinforcing training

Why Continuous Training Beats One-and-Done Cyber Awareness

Cyber threats evolve constantly, which means annual cybersecurity training is not enough to keep employees prepared. Learn how continuous training, phishing simulations, remediation, and short
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll: