A 2019 Update on RDP Ransomware
Ransomware may have lost some of its malware market share throughout 2018, but threat actors are always thinking critically and creatively to find new ways to achieve their goals. As we move into the new year, ransomware is still a very real threat and has become even more targeted, using unsecured Remote Desktop Protocol (RDP) connections to deploy successfully.
Cybercriminals use tools like Shodan to scan for businesses that have not implemented adequate RDP security settings, leaving their environments open to infiltration by brute force tools. Gaining RDP access doesn’t require much expertise, and less sophisticated cybercriminals can buy access to already-hacked machines on the Dark Web. Once an organization has been breached by a criminal using RDP, it’s all over. Criminals can browse all data and hardware on the network, map shared drives at their leisure to assess contents and value, and determine their attack strategy. This highly targeted approach significantly improves the chances of an organization paying the ransom, since criminals can effectively select the most valuable data to lock down.
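For defenders, the brute force stage described above leaves a trail in the Windows Security log. The following is an added example, not code from this article: it flags source addresses that produce a burst of failed logons (event 4625) and marks the urgent case where a successful logon (event 4624) follows the burst. The CSV layout, threshold, window and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (hypothetical layout):
# time, event ID, logon type, source IP, account name
SAMPLE_EVENTS = """\
2019-01-07T02:14:01,4625,3,203.0.113.50,administrator
2019-01-07T02:14:03,4625,3,203.0.113.50,admin
2019-01-07T02:14:05,4625,3,203.0.113.50,backup
2019-01-07T02:14:08,4625,3,203.0.113.50,administrator
2019-01-07T02:14:11,4625,3,203.0.113.50,svc_sql
2019-01-07T02:14:30,4624,10,203.0.113.50,svc_sql
2019-01-07T08:59:10,4625,10,198.51.100.7,jsmith
2019-01-07T08:59:25,4624,10,198.51.100.7,jsmith
"""

FAILED, SUCCESS = 4625, 4624
# 10 = RemoteInteractive (RDP session); 3 = network logon, which is how failed
# RDP attempts appear when NLA is on (type 3 also covers SMB and similar).
RDP_LOGON_TYPES = {3, 10}


def parse(text):
    for line in text.splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user


def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "compromised": [users]}} for bursty sources."""
    failures = defaultdict(list)   # ip -> timestamps of failures still in window
    findings = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        failures[ip] = recent
        if event_id == FAILED:
            recent.append(ts)
            if len(recent) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "compromised": []})
                hit["failures"] = max(hit["failures"], len(recent))
        elif event_id == SUCCESS and len(recent) >= threshold:
            # Success while the failure burst is still in the window:
            # treat the account as guessed, not as a user mistyping.
            findings[ip]["compromised"].append(user)
    return findings


if __name__ == "__main__":
    for ip, hit in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

The single mistyped password from 198.51.100.7 stays below the threshold, so only the burst source is reported.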
SamSam Criminals Indicted
As a quick recap: SamSam ransomware exploited RDP to effectively bring down entire cities (or portions of them, at least). You’ve likely seen news reports about it, since SamSam brought the city of Atlanta and the Colorado Department of Transportation to a grinding halt. This virulent threat affected numerous industries, including critical infrastructure, healthcare, transportation, and state and local governments.
The duo behind SamSam, Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi, were wanted for allegedly launching the ransomware attack that encrypted hundreds of computer networks in the United States and other countries through the RDP attack vector. Since December 2015, Shah Mansouri and Shahi Savandi have received over $6 million USD in ransom payments from their victims. On Nov. 28, 2018, the U.S. Department of Justice announced charges against the two men.