Ransomware-spreading hackers sneak in through RDP

Tags: Sophos News, Naked Security, RDP, Remote Desktop Protocol, Security, Sophos

Paul Ducklin, Senior Technologist
“You’ve probably heard the saying that ‘if you want a job doing properly, do it yourself,’” said Paul Ducklin, Important Bloke at Vibrant Company. “Sadly, there’s a niche of cybercrooks who have taken that advice to heart: if you’ve been sloppy setting up remote access to your network, they log in themselves and infect you with ransomware directly, clickety-click. No messing around with emails, no social engineering, no weird attachments, no need to convince you that ‘your invoice is attached, really, truly, honestly.’”

Sophos has uncovered a new niche in the world of cybercrime: ransomware infections where the crooks run the ransomware themselves. RDP is the Remote Desktop Protocol – Microsoft’s solution to remote system administration. RDP lets you connect to the screen and keyboard of someone else’s computer (or server) from anywhere, even from the other side of the world. Crooks have used and abused RDP for years – a weak RDP password is like a free pass into your server room with no one to supervise you. But Sophos experts have seen a recent spate of RDP attacks with a particularly ugly twist: the crooks use remote access to infect you with ransomware directly. No emails, no social engineering, no weird attachments, no need to convince you that “your invoice is attached, really, truly, honestly.”

And that’s not all – the crooks usually spend time up front turning off as many security features as they can and binning any backups they can find, to maximise the effects of the attack. They also add extra user accounts so they can get back in later for more. Most victims are small-to-medium businesses who outsource their IT and rely on RDP in regular life. So we’ve put together a list of handy security tips to help you outsource safely. If you’re using a third-party IT company and they haven’t already suggested the same precautions that we’re proposing, why not ask them why, and ask yourself if they’re the right people to be looking after your network?
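The attack chain described above (password guessing against RDP, a successful interactive logon, then new accounts and log tampering before the ransomware runs) is exactly the sequence a defender can look for in the Windows Security log. The following is an added detection example, not code from Sophos or Naked Security; it uses the real Windows event IDs 4625, 4624, 4720 and 1102 with logon type 10 for RDP, but the event records themselves are constructed for illustration.

```python
from collections import defaultdict

# Windows Security event IDs (real IDs; the sample events below are constructed).
FAILED_LOGON, SUCCESS_LOGON, USER_CREATED, LOG_CLEARED = 4625, 4624, 4720, 1102
RDP_LOGON_TYPE = 10  # RemoteInteractive, i.e. an RDP session

# Constructed sample log: a password-guessing burst from 203.0.113.9, then a
# successful RDP logon, a new account being added, and the audit log cleared.
SAMPLE_EVENTS = [
    {"ts": 100, "id": 4625, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 101, "id": 4625, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 102, "id": 4625, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 103, "id": 4625, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 104, "id": 4625, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 110, "id": 4624, "src": "203.0.113.9", "user": "admin", "type": 10},
    {"ts": 150, "id": 4720, "src": "-", "user": "admin", "target": "svc_backup2"},
    {"ts": 160, "id": 1102, "src": "-", "user": "admin"},
    {"ts": 200, "id": 4624, "src": "192.0.2.5", "user": "alice", "type": 10},
]

def detect_hands_on_rdp(events, fail_threshold=5, window=600):
    """Flag source IPs where >= fail_threshold failed RDP logons are followed,
    within `window` seconds, by a successful RDP logon, and record what that
    user did afterwards (account creation, audit log clearing).
    Returns {src_ip: {"user": ..., "since": ..., "actions": [...]}} per hit."""
    fails = defaultdict(list)  # src -> timestamps of failed RDP logons
    hits = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == FAILED_LOGON and e.get("type") == RDP_LOGON_TYPE:
            fails[e["src"]].append(e["ts"])
        elif e["id"] == SUCCESS_LOGON and e.get("type") == RDP_LOGON_TYPE:
            recent = [t for t in fails[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                hits[e["src"]] = {"user": e["user"], "since": e["ts"], "actions": []}
        elif e["id"] in (USER_CREATED, LOG_CLEARED):
            # Attribute post-logon actions to a flagged user, in time order
            for h in hits.values():
                if h["user"] == e["user"] and e["ts"] >= h["since"]:
                    h["actions"].append((e["id"], e.get("target")))
    return hits

if __name__ == "__main__":
    for src, h in detect_hands_on_rdp(SAMPLE_EVENTS).items():
        print(f"{src}: '{h['user']}' logged in via RDP after guessing; then {h['actions']}")
```

Tuning the threshold and window to your environment matters: the guessing burst alone is noisy, but a successful RDP logon from the same source followed by 4720 or 1102 is the signal worth paging on.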

Interested? Read the whole article on Naked Security.
