
VLCM IT Industry News


Ransomware prevention: It takes more than protecting Email/Web browsing!

Think this is crazy?



What's even crazier is exposing dangerous ports/protocols to the public Internet. At the top of the list is the Remote Desktop Protocol (RDP, default port 3389). Remote desktop connections are particularly useful to system administrators for convenient remote access, from the internal network, to the Windows servers they are tasked with managing, but that same access can represent a huge risk when exposed to the public Internet. Cyber criminals, especially those involved in the spread of ransomware, rely on the convenience of exposed systems with remote desktop enabled, and there are even specific strains of ransomware, like Dharma and other variants, that are engineered to exploit Windows systems hosting vulnerable and/or unsecured remote desktop (RDP) connections.




Staying secure can be like a big puzzle assembled with the right pieces and, unfortunately, there is no all-in-one/set-it-and-forget-it solution. One of the first pieces should be having a complete/current inventory of all hardware and software, because you can't protect what you don't know you have. Knowing what you have will help you know what you have exposed. It's one thing to have a vulnerable Windows server that is behind on patches accessible via remote desktop (RDP) over the internal (LAN) network, but quite another to have that same system exposed both internally and externally to the public Internet.

Don't know whether or not a particular system has remote desktop exposed to the Internet? No problem: from that system, open a web browser and Google for "What's my IP?" Record that public IP address and attempt to connect to it using remote desktop from an Internet connection outside of your office, your home broadband Internet for example. If you are presented with a login prompt, that's bad news and means remote desktop on that system is exposed! Notify your IT staff or administrator immediately and have them block access to remote desktop on your firewall. If you've found one exposed system there are likely more, so ask your administrator to investigate and block access to any others.

Also have your admin ensure ALL systems that must have remote desktop enabled are configured to require Network Level Authentication (NLA) to protect against the spread of self-propagating forms of ransomware like WannaCry and NotPetya seen in 2017. While you're at it, ensure that computers are configured to use more secure versions of the file sharing protocol SMB with SMBv1 disabled, and NEVER expose SMB (port 445) to the public Internet.
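An added example (not part of the original article): a PowerShell audit an administrator can run locally on a Windows system to check the settings recommended above, namely whether Remote Desktop is enabled, whether NLA is required, whether SMBv1 is on, and which inbound firewall rules open the RDP port or 445 to any remote address. It assumes an elevated session on Windows 8 / Server 2012 or later, where these cmdlets are available.

```powershell
# Added example: local audit of the RDP and SMB settings discussed above.
# Run from an elevated PowerShell session on the system being checked.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means NLA is required (Group Policy can override this value).
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1
# PortNumber is the RDP listener port: 3389 unless someone changed it.
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
# SMBv1 server support; this should be False.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Enabled inbound "allow" rules on the RDP port or SMB (445) that accept any
# remote address. Port ranges and rules with LocalPort 'Any' are not expanded here.
$watchPorts = @("$rdpPort", '445')
$openRules = @(foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow)) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter
    $hit = @($portFilter.LocalPort) | Where-Object { $watchPorts -contains $_ }
    if ($portFilter.Protocol -eq 'TCP' -and $hit -and @($addrFilter.RemoteAddress) -contains 'Any') {
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Port    = $hit -join ','
            Profile = $rule.Profile
        }
    }
})

[pscustomobject]@{
    RdpEnabled     = $rdpEnabled
    RdpPort        = $rdpPort
    NlaRequired    = $nlaRequired
    Smb1Enabled    = $smb1Enabled
    OpenToAnyRules = $openRules.Count
} | Format-List

if ($rdpEnabled -and -not $nlaRequired) { Write-Warning 'RDP is enabled without Network Level Authentication.' }
if ($smb1Enabled) { Write-Warning 'SMBv1 is enabled; disable it.' }
$openRules | Format-Table -AutoSize
```

This inspects the host only; whether the port is actually reachable from the Internet also depends on the perimeter firewall, so the outside connection test described above still applies.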




If you've already taken some of the recommended steps to protect against ransomware, great! Just don't miss the target and lose sight of what you could be exposing on the outside. If you can see it, so can cyber criminals looking to cash in.

Need more help? Sign up for one of our free cybersecurity assessments!

