Organizations Warned of Dual Threat Posed by RDP and Disruptive Ransomware
Two separate reports shed light on the rise of ransomware attacks targeting organizations via Remote Desktop Protocol (RDP) instances. A paper [pdf] by the Institute for Critical Infrastructure Technology (ICIT) states that RDP/ransomware campaigns are increasingly disrupting business operations and pose “an existential threat to critical infrastructure operators.” ICIT notes that this type of ransomware attack is especially damaging because, when the victim is locked out of their files and shown a ransom note, “the adversary retains access to the system, allowing them to install backdoors, remote access Trojans, or other malware that can facilitate future attacks or provide access-as-a-service to other attackers.”
The second study [pdf], by Vectra, shows that the company detected 26,800 malicious RDP behaviors in the first half of this year. The attacks mostly targeted organizations in manufacturing (20%), finance (16%), retail (14%), government (12%), healthcare (10%) and services (8%).