Cybercriminals are hacking into remote desktop services with two new Matrix ransomware variants that encrypt computer files; one of them can even debug messages and use a cipher to wipe free space. These new pieces of ransomware were discovered by the MalwareHunterTeam. Bob Noel, Director of Strategic Relationships and Marketing at Plixer, commented below.
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
“Remote desktop services are a useful tool often used by the helpdesk to remotely access a PC for the purposes of troubleshooting problems. It should only be used for internal sessions, or across VPN tunnels for remote employees. Organizations should immediately inspect all network traffic to ensure that no RDP sessions (TCP port 3389) are open to the internet. Most IT teams will say they have configured their firewalls to block RDP, but using network traffic analysis to ensure that firewall rules are behaving as expected, and to look for any traffic that is circumventing policy is paramount to reducing risk from Matrix Ransomware attacks.”
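The traffic check described in the comment above, as an added example that is not part of the original article or Plixer's own tooling: it audits flow records for TCP port 3389 sessions that cross the network perimeter and separates sessions the firewall let through from attempts that got no answer. The CSV layout, field names, RFC 1918 internal ranges and sample records are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: internal space (including any VPN client pool) is RFC 1918.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_PORT = 3389  # TCP port named in the article

# Constructed sample flow records (not real traffic). resp_bytes > 0 means the
# RDP server answered, i.e. the session was not blocked on the way in or out.
SAMPLE_FLOWS = """src,dst,proto,dport,orig_bytes,resp_bytes
10.1.4.20,10.1.9.15,tcp,3389,48211,910233
203.0.113.77,10.1.9.15,tcp,3389,5120,88410
198.51.100.9,10.1.9.16,tcp,3389,120,0
10.1.4.33,192.0.2.50,tcp,3389,7300,41200
10.1.4.20,10.1.9.15,tcp,443,900,15000
"""

def is_internal(addr):
    """True when addr falls inside one of the configured internal networks."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_rdp(flow_csv):
    """Return (record, verdict) for every TCP/3389 flow that crosses the perimeter."""
    findings = []
    for rec in csv.DictReader(io.StringIO(flow_csv)):
        if rec["proto"].lower() != "tcp" or int(rec["dport"]) != RDP_PORT:
            continue
        src_in, dst_in = is_internal(rec["src"]), is_internal(rec["dst"])
        if src_in and dst_in:
            continue  # internal-only session, which policy allows
        direction = "inbound" if dst_in else "outbound" if src_in else "transit"
        # A server response shows the firewall rule did not stop the session.
        state = "ESTABLISHED" if int(rec["resp_bytes"]) > 0 else "blocked-or-unanswered"
        findings.append((rec, f"{direction} {state}"))
    return findings

if __name__ == "__main__":
    for rec, verdict in audit_rdp(SAMPLE_FLOWS):
        print(f"{verdict:32} {rec['src']} -> {rec['dst']}:{rec['dport']}")
```

Any `ESTABLISHED` finding is a session that bypassed the intended block and should be traced back to the firewall rule or path that allowed it.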