Ransomware using Remote Desktop to spread itself

By: Art Gross
October 31, 2015

According to an article over at SC Magazine, hackers are using brute force to crack their way into Remote Desktop / Terminal Servers and installing a CryptoLocker type malware that is encrypting the files on the server.

The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.

This makes perfect sense. Why bother with trying to trick employees into clicking on a fake link to install malware when you can go directly after a server.

Take Precautions

If you don’t need RDS then disable it on all servers
Don’t have RDS exposed directly to the Internet. Require VPN access to get to any internal servers
Implement account lockout on all user accounts
Use 2 Factor Authentication to log into servers via RDS or Citrix

More on blogs

Real-World Success: How Generative AI Boosts Productivity and Employee Retention Across Industries

Generative AI in business is no longer just a concept; it is a transformative technology making a real impact across industries. From boosting operational efficiency

CISA Issues Global Telecommunications Guide

In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a critical guide titled "Enhanced Visibility and Hardening Guidance for Communications Infrastructure." This publication,

Take the First Step

Experience BSN

Request a demo today

Ransomware using Remote Desktop to spread itself

More on blogs

Real-World Success: How Generative AI Boosts Productivity and Employee Retention Across Industries

CISA Issues Global Telecommunications Guide

Experience Training That Makes a Difference

during the demo you’ll:

Stay Ahead with the Latest Updates

Products

Company

Resources

Get Started

CONNECT WITH BSN

2025 Breach Secure Now. All rights reserved.