Remote Desktop Protocol and the Ransomware Problem

Ransomware has become one of the most prevalent threats to the IT security of businesses and governments. In 2021, the most common method of attack was through Remote Desktop Protocol (RDP). RDP remains a commonly used protocol that allows remote control of a computer. Its main use cases are remote work, IT service, and remote connection for Microsoft Azure and Hyper-V.

RDP is a powerful tool enabling remote control over a local machine. However, it has recently become the main target for ransomware attacks. According to a 2020 Incident Response and Data Breach Report by Palo Alto, 50% of ransomware attacks were perpetrated using RDP compromise as the initial attack vector. Now more than ever, it is important to reevaluate your organization's RDP usage in order to protect yourself from ransomware attacks.

Ransomware Attack Vectors

In Q1 of 2021, according to research done by Coveware, RDP compromise was the most common vector of ransomware attacks. Their research shows nearly half of all ransomware attacks came through RDP vulnerabilities.

RDP vulnerabilities have become even more pronounced due to the pandemic, with millions of workers making the transition to working from home. Many of the laptops used for remote work were rapidly purchased and configured. This means there is more room for error in RDP implementation and more instances of RDP that could be vulnerable to malicious actors. It is therefore important to take steps to secure your organization's RDP as a part of your IT strategy.

Preventing Ransomware Attacks Through RDP

A common misconception about ransomware is that attackers look for specific targets. While this can occasionally be the case, most of the time attackers target any vulnerabilities resulting in a potential payout. By leaving your RDP unsecured, you leave the door open to potential ransomware attacks.

To secure your RDP, here are some steps your organization should take:

  • Secure your RDP behind a Virtual Private Network (VPN)
  • Enable Multi-Factor Authentication (MFA). Even if RDP credentials are compromised, a separate layer of security prevents attackers from breaching your network
  • Limit Login Attempts. This prevents brute-force attacks
  • Automatically disconnect RDP sessions that reach a certain time limit of inactivity
  • Deploy an Attack Surface Monitoring Solution that monitors your entire network for vulnerabilities
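
The VPN, login-limit and inactivity items above can be applied on a single Windows host as in this added PowerShell example, which is not part of the original article. The VPN subnet and the numeric limits are assumptions; MFA and attack surface monitoring depend on separate products and are not shown.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (not from the article): adjust to your environment.
$VpnSubnet      = '10.8.0.0/24'   # hypothetical VPN client address pool
$LockoutAfter   = 5               # failed logons before the account locks
$LockoutMinutes = 15              # counting window and lockout duration
$IdleMinutes    = 15              # idle time before a session is disconnected
$DiscMinutes    = 60              # how long a disconnected session is kept

# 1. VPN only: scope the built-in Remote Desktop firewall rules to the VPN
#    subnet so the RDP listener (TCP/UDP 3389 by default) accepts no other
#    source address. 'Remote Desktop' is the English display group name.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $VpnSubnet

# 2. Limit login attempts: local account lockout policy.
#    On domain-joined machines the domain policy takes precedence.
net accounts "/lockoutthreshold:$LockoutAfter" `
             "/lockoutwindow:$LockoutMinutes" `
             "/lockoutduration:$LockoutMinutes"

# 3. Inactivity limits: Remote Desktop Services policy values (milliseconds).
$ts = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
# Create the key only if missing; New-Item -Force on an existing registry
# key would wipe the values already stored in it.
if (-not (Test-Path $ts)) { New-Item -Path $ts -Force | Out-Null }
Set-ItemProperty -Path $ts -Name MaxIdleTime `
    -Value ($IdleMinutes * 60000) -Type DWord
Set-ItemProperty -Path $ts -Name MaxDisconnectionTime `
    -Value ($DiscMinutes * 60000) -Type DWord

# Read the settings back so the result can be checked.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
net accounts
Get-ItemProperty -Path $ts | Select-Object MaxIdleTime, MaxDisconnectionTime
```

The firewall scoping only takes effect while Windows Defender Firewall is enabled for the active profile, and the session limits apply to sessions started after the policy values are set.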

Ransomware is a challenge all businesses, no matter what size, face on a daily basis. Cybersecurity experts estimate in 2021 businesses will experience a ransomware attack every 11 seconds. If you are looking for a solution to secure your RDP from ransomware attacks, contact a cybersecurity expert at Strategic Communications. Strategic's team of experts can help you find a security solution to protect your RDP and entire network from ransomware.