Ransomware using Remote Desktop to spread itself

According to an article over at SC Magazine, hackers are using brute force to crack their way into Remote Desktop / Terminal Servers and installing a CryptoLocker type malware that is encrypting the files on the server.

The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.

This makes perfect sense. Why bother with trying to trick employees into clicking on a fake link to install malware when you can go directly after a server.

Take Precautions 

  1. If you don’t need RDS then disable it on all servers
  2. Don’t have RDS exposed directly to the Internet. Require VPN access to get to any internal servers
  3. Implement account lockout on all user accounts
  4. Use 2 Factor Authentication to log into servers via RDS or Citrix

More on blogs

Helping Clients Navigate AI-Powered Business Email Compromise: Turning Risk Into Readiness

Ensuring AI Readiness with AIRIA: A Roadmap for MSPs

Explore how AIRIA enhances AI readiness for MSPs. Discover the transformative benefits of integrating generative AI with our webinar. Boost productivity and strategic alignment for
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll: