New Ransomware now Infects Computers via Windows Remote Desktop Services

[legendguru]

BOOK INTERNATIONAL FLIGHTS TICKETS LOCAL FLIGHTS HOTELS BOOKINGS WORLDWIDE AND MORE AT CHEAPEST RATE EVER! CLICK HERE TO BOOK YOUR FLIGHT AND RECEIVE YOUR FLIGHT TICKET INSTANTLY

Loading...

A new strain of ransomware is using the Windows built-in Remote Desktop Services or Terminal Services to infect computers, encrypt files, and then demand a ransom of 4 Bitcoin (~$1,000).

The ransomware was first seen for users in Bulgaria and Greece, a few of whom asked for help online, on the Bleeping Computer tech forums. Malware researcher Nathan Scott took a closer look at this new ransomware family and found some interesting things.

Attackers are brute-forcing passwords on PCs running Remote Desktop Services

According to his findings, the attackers are manually installing the ransomware on all infected devices by brute-forcing user account passwords on machines that have left Remote Desktop or Terminal Services connections open.

Once they manage to get a foothold on infected systems, the attackers run the ransomware executable, which first maps all local and network drives.