Ransomware and RDP – Are you vulnerable?

Ransomware Virus – An ongoing threat

Ransomware Virus – it remains a big threat to your business. As an IT Managed Services Company, we help protect our many clients from a prevalent security issue  — ransomware virus infections. A ransomware virus such as Cryptowall and Crypto locker (to name just a few) locks all of your files and provides instruction on how to unlock them. The only way to get the “key” to unlock your files is to follow the instructions of the hacker.

Without a good Backup and Recovery plan, expect long downtime.

You have to pay for the key with a bitcoin.  The process is very involved, and most bitcoin “wallet” companies require multiple verification and a connection with your bank checking account. Setting up an account sometimes takes a day or so. Then there are limitations on how much money you can instantly transfer and convert to a bitcoin. And while you are setting up the payment, the “clock” is ticking because the hacker’s instructions tell you that the ransom will be doubled if you don’t pay in 24 hrs.

And if you finally get this key, it sometimes will take another week to unlock  every file on your network. Having a really good and verified backup is the best prevention from this nightmare. But restoring large amounts of data from either a local or cloud backup can take days.

How secure is your firewall?

Ransomware infections are no longer occurring only via an end user clicking on a bad zip file. The latest trend is a brute force attack on the standard RDP (Remote Desktop) port 3389 . There are scripts out there that are doing port scans on firewalls that have open RDP ports. The script finds the opening and hammers away at common usernames and passwords, so if there is one weak password on your network that’s bound to that RDP server, this hack will find it and you will have some nasty stuff installed on your network in pretty short order. One of the answers here is to make sure RDP is not open from the outside and your organization is using a VPN solution.

Close those RDP ports now and stay vigilant!