One long-favored way that ransomware enters your system is through Microsoft’s Remote Desktop Protocol (RDP) attacks. Years ago when we used Microsoft’s Terminal Services (from which RDP evolved) for shared remote access inside or outside of an office, attackers would use a tool called TSGrinder. It would first review a network for Terminal Services traffic on port 3389. Then attackers would use tools to guess the password to gain network access. They would go after administrator accounts first. Even if we changed the administrator account name or moved the Terminal Services protocol to another port, attackers would often sniff the TCP/IP traffic and identify where it was moved to.
Leer másCSO Online