Jump to content

Ransomware using Remote Desktop to spread itself


Recommended Posts

Ransomware using Remote Desktop to spread itself

A new strain of ransomware has been discovered that is being circulated by targeted Remote Desktop or Terminal Services hacks. LowLevel04 malware also propagates via Terminal Services


The ransomware was discovered by tech blog Bleeping Computer. According to Lawrence Abram, the malware, dubbed LowLevel04, encrypts data using AES encryption and then demands a four Bitcoin, or US$ 1,000, ransom to get files back.


The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.

“Many of the victims have also reported that the machines affected were servers, which makes sense as this type of attack would cause major disruption for a company,” said Abrams.


Full Story HERE at SC Magazine

Link to post
Share on other sites

Thanx for posting this Firefox

I haven't read a technical writeup on this cryptographic variant.  However if it has a viral component that seeks TCP port 3389, not enabling Remote Desktop Protocol ( RDP ) would mitigate ingress.  However, so would would using Strong Passwords, changing the default TCP Port to a none standard TCP Port other than 3389 as well as blocking TCP ingress on port 3389 on a Firewall.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.