Remote Desktop Protocol has become a leading entry point for hackers. While many businesses assume they are too small to be targeted, they essentially become low-hanging fruit. If your organization uses RDP, it is necessary to take proper security precautions to avoid becoming a ransomware target.
What is RDP?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft in the 1990s, which provides a user with a graphical interface to connect to another computer over a network connection. With RDP, you can connect to a computer running Windows from another computer running Windows that is connected to the same network or to the Internet.
RDP is typically used by system administrators to reach computers in remote locations that they cannot get to in person. Additionally, many organizations use RDP to allow employees to log in while traveling or to support remote workers.
How Vulnerable is RDP?
RDP is the single biggest method of infiltration used by ransomware so far in 2019! Once ransomware is loaded, the hacker typically threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. As a hacker entry point, RDP surpasses email phishing and software vulnerabilities.
There are several common ways that hackers can use RDP to access your network and load ransomware. One of the easiest is to scan for open RDP ports. Oftentimes an organization enables RDP access on a server without setting up a password, so anyone who reaches that port can get in simply by pressing Enter. Even if a password is set up, hackers have several methods of guessing login credentials. They can also use exploit code against known vulnerabilities in the RDP protocol.
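Credential guessing against an exposed RDP listener leaves a trail in the Windows Security log: one failed logon event (ID 4625) per attempt, with the source address recorded. The script below is an added example, not code from the original article or from Orbis Solutions; it summarizes failed RemoteInteractive (logon type 10) logons per source IP so an administrator can see guessing activity on the host itself. The look-back window and the failure threshold are assumptions chosen for illustration.

```powershell
# Added example: summarize failed RDP logons (Event ID 4625, LogonType 10 = RemoteInteractive)
# from the local Security log to spot password guessing against an exposed RDP listener.
# Run in an elevated PowerShell session on the RDP host.
param(
    [int]$Hours     = 24,   # assumption: look back one day
    [int]$Threshold = 20    # assumption: failures from one source IP that we treat as guessing
)

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# Pull the named EventData fields out of each event's XML so we do not depend on field order.
$failures = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $d   = @{}
    foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }

    if ($d['LogonType'] -eq '10') {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            User     = $d['TargetUserName']
            SourceIP = $d['IpAddress']
        }
    }
}

# One row per source address that crossed the threshold, most active first.
$failures | Group-Object SourceIP | Where-Object { $_.Count -ge $Threshold } |
    ForEach-Object {
        [pscustomobject]@{
            SourceIP      = $_.Name
            Failures      = $_.Count
            DistinctUsers = ($_.Group.User | Sort-Object -Unique).Count
            FirstSeen     = ($_.Group.Time | Measure-Object -Minimum).Minimum
            LastSeen      = ($_.Group.Time | Measure-Object -Maximum).Maximum
        }
    } | Sort-Object Failures -Descending | Format-Table -AutoSize
```

A high failure count spread across many distinct usernames from one address is the typical signature of a guessing tool rather than a user who mistyped a password. Note that when Network Level Authentication is enabled, failures are rejected before a session exists and are often logged with LogonType 3 instead of 10, so include that type as well if the host has NLA turned on.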
RDP access can be restricted behind a secure virtual private network (VPN) or to known users using firewall rules. Alternatively, or in addition, a multifactor authentication mechanism can be implemented to augment traditional password authentication.
If you are not using a VPN, then it is only a matter of time before the resilience of your backups is tested by a ransomware attack that encrypts your entire network. Secure VPN access with two-factor authentication (2FA) to protect internal systems, and make sure you have effective antivirus and solid backups, or else you will truly be playing roulette with ransomware.
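The mitigations above (keep RDP off the open internet, reach it only through a VPN or from known addresses, and harden the logon itself) can be checked and applied on a single Windows host with the script below. It is an added example, not code from the original article or from Orbis Solutions; the VPN subnet and the lockout values are placeholders to replace with your own, and in a domain the lockout policy should be set through Group Policy rather than on each server.

```powershell
# Added example: audit how an RDP host is exposed, then apply the mitigations described above:
# scope the inbound Remote Desktop firewall rules to the VPN subnet, require Network Level
# Authentication, and enforce account lockout against password guessing. Run as Administrator.
$VpnSubnet = '10.8.0.0/24'   # assumption: placeholder for your VPN client address pool

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# --- Audit: is RDP on, is NLA required, which port, and do the firewall rules allow any source?
$rdpEnabled = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nlaOn      = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1
$port       = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$rules      = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True
$openToAny  = $rules | Where-Object {
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
}

[pscustomobject]@{
    RdpEnabled           = $rdpEnabled
    NlaRequired          = $nlaOn
    ListenerPort         = $port
    InboundRuleAllowsAny = [bool]$openToAny
} | Format-List

# --- Harden: only meaningful if RDP is actually enabled on this host.
if ($rdpEnabled) {
    # 1. Require NLA so the client must authenticate before a session (and its attack surface) exists.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1

    # 2. Replace 'Any' with the VPN subnet on every inbound Remote Desktop rule (TCP and UDP).
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -RemoteAddress $VpnSubnet

    # 3. Lock an account after repeated bad passwords (assumed values: 5 tries, 30 minutes).
    net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null
}
```

Run the audit part first from a session you will not lose: scoping the firewall rule to the VPN subnet immediately drops any RDP session coming from outside it, including your own if you are connected over the internet rather than the VPN. Re-run the audit afterwards and confirm that InboundRuleAllowsAny reports False and NlaRequired reports True.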
Orbis Solutions was recently contacted by a manufacturing facility that was hit with ransomware through RDP. The attack was targeted and sophisticated. The hackers entered the system and spent weeks finding the right place to deploy the virus while also researching the firm to identify the most valuable data to hold ransom. The attack took out the facility’s production data and their backup data. Every piece of information they rely on to run their business was encrypted and held for ransom. The cyber criminals demanded $70,000 in bitcoin to release the data.
The company contracted Orbis Solutions for Incident Response services and data recovery. Orbis Solutions recovered the company’s data and did a full assessment of when and how the attack occurred. Orbis collected all evidence related to the breach using forensic procedures and tools and prepared a detailed plan, guidance, and insight on how to prevent future attacks. Unfortunately, the company faced costs in the hundreds of thousands in lost revenue from the outage, plus the cost for recovery services.
Learn from others' mistakes. Since the vast majority of ransomware attacks exploit Remote Desktop Protocol, the answer is clear: it does not matter how large or small your digital footprint is; if you have RDP exposed to the internet and are not securing it properly, you are being actively targeted.
Contact Us to learn how we can help secure your perimeter from these threats.