According to an article over at SC Magazine, hackers are using brute force to crack their way into Remote Desktop / Terminal Servers and installing a CryptoLocker type malware that is encrypting the files on the server.
The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.
This makes perfect sense. Why bother with trying to trick employees into clicking on a fake link to install malware when you can go directly after a server.
Take Precautions
- If you don’t need RDS then disable it on all servers
- Don’t have RDS exposed directly to the Internet. Require VPN access to get to any internal servers
- Implement account lockout on all user accounts
- Use 2 Factor Authentication to log into servers via RDS or Citrix
Now Available: Gen AI Certification From BSN
Lead Strategic AI Conversations with Confidence
Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.
