Friday, 23 October 2015

Ransomware Spreads Via Windows Remote Desktop

Researchers have discovered a new ransomware variant that spreads via Windows Remote Desktop and Terminal Services. Victims were mainly located in Bulgaria and Greece, according to a thread on the Bleeping Computer forum.

Remote Desktop makes it possible to log on to remote Windows computers. The attackers are believed to have obtained the password through a brute force attack and thus gained access to the machines. In many cases, the machines appear to be servers. The ransomware is then installed; it encrypts all kinds of files and asks for a total of four bitcoin for decryption. At the current exchange rate, that amounts to approximately 960 euros.
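A defender's view of the password-guessing step described above, as an added example that is not part of the original post: it flags a source address that produces a burst of failed remote logons and then a successful one. Event IDs 4625/4624 and the logon types are standard Windows Security log values; the records, thresholds and the function name `find_bruteforce` are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the article). Fields mirror Windows Security
# events 4625 (failed logon) and 4624 (successful logon).
# LogonType 10 = RemoteInteractive (RDP); 3 = Network (how failed RDP logons appear
# when Network Level Authentication is on; it also covers other network logons).
SAMPLE_EVENTS = (
    [{"time": f"2015-10-20T02:00:{s:02d}", "event_id": 4625, "logon_type": 3,
      "user": "Administrator", "src_ip": "203.0.113.7"} for s in range(0, 40, 2)]
    + [
        {"time": "2015-10-20T02:00:45", "event_id": 4624, "logon_type": 10,
         "user": "Administrator", "src_ip": "203.0.113.7"},
        {"time": "2015-10-20T09:15:00", "event_id": 4625, "logon_type": 10,
         "user": "maria", "src_ip": "198.51.100.20"},
        {"time": "2015-10-20T09:15:30", "event_id": 4624, "logon_type": 10,
         "user": "maria", "src_ip": "198.51.100.20"},
    ]
)
RDP_LOGON_TYPES = {3, 10}


def find_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return one finding per source IP whose failed logons reach `threshold`
    within `window`, noting the account if a success follows the burst."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failures
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["src_ip"]
        # Drop failures that have aged out of the sliding window.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if ev["event_id"] == 4625:
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold and ip not in findings:
                findings[ip] = {"src_ip": ip, "first_alert": ev["time"],
                                "compromised_user": None}
        elif ev["event_id"] == 4624 and ip in findings:
            # A success while the burst is still in the window: likely guessed password.
            if len(failures[ip]) >= threshold and not findings[ip]["compromised_user"]:
                findings[ip]["compromised_user"] = ev["user"]
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

A single mistyped password followed by a success, as in the constructed `maria` records, stays below the threshold and is not reported.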

Because these are network servers, an attack can have major consequences for companies. According to researcher Nathan Scott, the ransomware does not remove the Volume Shadow Copies, and the original files are not securely deleted. This allows victims to try to recover their files with a tool such as ShadowExplorer if they do not have a backup. Several victims say, however, that they paid the ransom and then received the decryption key, with which they succeeded in decrypting their files.
