
Ransomware using Remote Desktop to spread itself


Firefox


A new strain of ransomware has been discovered that is being circulated by targeted Remote Desktop or Terminal Services hacks. LowLevel04 malware also propagates via Terminal Services.

 

The ransomware was discovered by tech blog Bleeping Computer. According to Lawrence Abrams, the malware, dubbed LowLevel04, encrypts data using AES encryption and then demands a four Bitcoin, or US$ 1,000, ransom to get files back.

 

The blog was alerted to the malware by users on its support forum. The ransomware appears to be installed directly by the attacker who brute forces weak passwords on computers running Remote Desktop or Terminal Services.

“Many of the victims have also reported that the machines affected were servers, which makes sense as this type of attack would cause major disruption for a company,” said Abrams.

 

Full Story HERE at SC Magazine


Thanx for posting this Firefox
 

Andrew6974:
 
I haven't read a technical writeup on this cryptographic variant. However, if it has a viral component that seeks TCP port 3389, not enabling Remote Desktop Protocol (RDP) would mitigate ingress. However, so would using Strong Passwords, changing the default TCP Port to a non-standard TCP Port other than 3389, as well as blocking TCP ingress on port 3389 on a Firewall.

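The brute-force entry path described in the posts above appears in the Windows Security log as a burst of failed logons (event 4625) from one source, sometimes followed by a successful Remote Desktop logon (event 4624, logon type 10). The sketch below is an added example, not part of the original thread; the one-line record format, the sample records, the window and the threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp event_id logon_type source_ip account".
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive
# (RDP), type 3 = Network (how failed RDP logons are recorded when NLA is on).
SAMPLE_EVENTS = """\
2015-10-26T02:14:01 4625 3 203.0.113.45 Administrator
2015-10-26T02:14:03 4625 3 203.0.113.45 admin
2015-10-26T02:14:05 4625 3 203.0.113.45 backup
2015-10-26T02:14:08 4625 3 203.0.113.45 Administrator
2015-10-26T02:14:11 4625 3 203.0.113.45 Administrator
2015-10-26T02:14:30 4624 10 203.0.113.45 Administrator
2015-10-26T09:00:12 4625 10 198.51.100.7 jsmith
2015-10-26T09:00:40 4624 10 198.51.100.7 jsmith
"""

WINDOW = timedelta(minutes=5)   # assumed tuning values, adjust per environment
THRESHOLD = 5

def detect_rdp_bruteforce(text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for failure bursts per source IP and for a success after one."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                # skip blank or malformed records
        ts_raw, event_id, logon_type, src, account = fields
        if logon_type not in ("3", "10"):
            continue                # ignore logon types unrelated to RDP
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()        # expire failures outside the sliding window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) == threshold:   # alert once, when the burst crosses it
                alerts.append(("bruteforce", src, account, ts_raw))
        elif event_id == "4624" and logon_type == "10" and len(recent) >= threshold:
            alerts.append(("success_after_bruteforce", src, account, ts_raw))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A `success_after_bruteforce` alert is the one to treat as an incident, since it means a guessed password worked; the single mistyped password from 198.51.100.7 produces no alert.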
