RDP Ransomware Attacks:
What to do to protect your business?
RDP Ransomware attack prevention Tip #1
Make sure all the passwords on your Server and workstations are strong passwords, combining uppercase, lowercase, numbers and symbols.
There is debate around whether changing passwords every 3 months is necessary; however, there is no debate about the need for strong passwords.
RDP hackers will continually run brute-force attacks against your system, trying basic usernames with basic passwords. Strong passwords are a must. Brute-force RDP attacks lead me on to my next tip.
RDP Ransomware attack prevention Tip #2
Enforce Limited Logon Attempts
The Domain Controller on your network needs to be configured to limit the login attempts for every user on your network.
This will help to keep you secure from brute-force attacks. We suggest putting a limit of 5 attempts. Anything less might result in a lot of support calls to your IT vendor to unlock the account.
Let’s face it, sometimes you need more than 3 goes in order to type in your complex password, especially when you are in a rush.
RDP Ransomware attack prevention Tip #3
Enforce Two Factor Authentication – 2FA
This is the number one step you can take in ensuring that no hacking occurs through the RDP port on your server.
We use a system that requires a user to approve the connection through their mobile device after first authenticating with the Server.
Without this protection in place your network is seriously at risk.
RDP Ransomware attack prevention Tip #4
Use a VPN
This is an old-school method of protecting your network. It forces a user to authenticate at least once before accessing the RDP server.
If incorrectly configured, a VPN can give a hacker full access to your network, allowing them to wreak havoc depending on the other security measures on your system.
- Use a complex password.
- If practical, only allow access from specific IP addresses.
- Use 2FA.
- Use a different password to those used on the network.
RDP Ransomware attack prevention Tip #6
Limit RDP access to particular IP addresses
If practical, RDP access should be limited to accept connections only from PCs at specific IP addresses.
A logon attempt from any other IP address source needs to be rejected immediately, thus securing your network.
This isn’t always practical if the user is travelling.
RDP Ransomware attack prevention Tip #7
Use a strong Firewall to protect your RDP connections!
A firewall needs to be in place to protect your network. Preferably your firewall should have the ability to block connections from IP addresses that repeatedly try to compromise your system.
This step will also protect you from brute-force attacks.
The firewall of course needs to block all ports that are not required, both incoming and outgoing.
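The 5-attempt limit from Tip #2 and the repeat-offender blocking described above can be prototyped over failed-logon records. This is an added example, not part of the original article or of any product it refers to; the log layout, the 10-minute window and the allowlisted range are assumptions, and the records are constructed and assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

THRESHOLD = 5                    # the article's suggested attempt limit
WINDOW = timedelta(minutes=10)   # assumption: look-back period for counting failures
ALLOWLIST = [ip_network("203.0.113.0/28")]  # assumption: constructed trusted office range

# Constructed sample: "timestamp event_id source_ip username"
# (4625 = failed logon, 4624 = successful logon in the Windows Security log).
SAMPLE_LOG = """\
2024-05-01T09:00:01 4625 198.51.100.7 administrator
2024-05-01T09:00:03 4625 198.51.100.7 admin
2024-05-01T09:00:05 4625 198.51.100.7 user
2024-05-01T09:00:07 4625 198.51.100.7 test
2024-05-01T09:00:09 4625 198.51.100.7 backup
2024-05-01T09:02:00 4625 192.0.2.44 jsmith
2024-05-01T09:02:20 4625 192.0.2.44 jsmith
2024-05-01T09:02:45 4624 192.0.2.44 jsmith
"""

def parse(log):
    """Yield (time, event_id, ip, user) per well-formed line; skip the rest."""
    for line in log.splitlines():
        try:
            ts, event_id, ip, user = line.split()
            record = datetime.fromisoformat(ts), int(event_id), ip_address(ip), user
        except ValueError:
            continue  # wrong field count, bad timestamp, event ID or address
        yield record

def ips_to_block(log, threshold=THRESHOLD, window=WINDOW, allowlist=ALLOWLIST):
    """Return {ip: usernames tried} for sources reaching the failure threshold."""
    recent = defaultdict(deque)  # ip -> failures still inside the window
    flagged = {}
    for ts, event_id, ip, user in parse(log):
        if event_id != 4625 or any(ip in net for net in allowlist):
            continue  # only failed logons from non-allowlisted sources count
        failures = recent[ip]
        failures.append((ts, user))
        while ts - failures[0][0] > window:
            failures.popleft()  # drop failures older than the window
        if len(failures) >= threshold and str(ip) not in flagged:
            flagged[str(ip)] = sorted({u for _, u in failures})
    return flagged

if __name__ == "__main__":
    for ip, users in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip}: failed logons for {', '.join(users)}")
```

The source that cycles through five different usernames is flagged, while the user who mistypes twice and then logs on is not. Allowlisted addresses are skipped here on the assumption that the account lockout limit still applies to them.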
RDP Ransomware attack prevention Tip #8
Some ransomware attacks are Trojan based and can be stopped in their tracks if you use a decent antivirus to protect your Server.
Be sure to use an Enterprise grade Antivirus to protect your server. Reach out to us if you need help.
RDP Ransomware attack prevention – Other Measures
Below is a quick list of other things to attend to in securing your network…
- Use an Active Directory Domain
- Use a spam filter for every email address on your network
- Restrict wireless access to employees, make them join a guest network if needed
- Do not allow the checking of private emails or browsing of non-work-related sites by employees
If you need any help in securing your network, please reach out to us for a no obligation assessment.
How to stop an RDP attack?
1. Use Strong Passwords throughout.
2. Implement 2FA logins for all users.
3. Use a VPN.
4. Install a good Antivirus.
5. Implement a password changing routine.
6. Limit login attempts.
7. Enforce geo blocking.
8. Use a strong firewall.
9. Limit the security level for remote users.
Is it safe to use RDP?
Not out of the box. Today, more and more RDP servers are getting targeted. You need to lock down the security of an RDP server before you expose it to the internet.
What is an RDP Brute force attack?
An RDP Brute force attack is when an attacker attempts to crack the password for any user on an RDP server through multiple attempts. They use software that quickly attempts various password combinations in a short time period.
How to protect from an RDP Brute Force attack?
Brute force attacks are attacks made by multiple password attempts. One of the most effective ways to stop brute force attacks is to implement a password login attempt limit, and to perform geo blocking on logins.