  • WebKeeper

Ransomware Uses RDP to Infiltrate Networks

The FBI and CISA have been warning of ransomware attacks taking place via RDP (Remote Desktop Protocol).


The joint Cyber Security Advisory explains, "MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments."

Mitigating MedusaLocker Risks


The CSA provides several mitigation recommendations, including:

  • Implement a recovery plan

  • Implement network segmentation and maintain offline backups

  • Regularly back up data and password protect backup copies

  • Install, regularly update, and enable real-time detection for antivirus software

  • Install updates for operating systems, software, and firmware

  • Review domain controllers, servers, workstations, and active directories for unrecognized accounts

  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege

  • Disable unused ports

  • Consider adding an email banner to emails received from outside your organization

  • Disable hyperlinks in received emails

  • Enforce multifactor authentication (MFA)

  • Use National Institute of Standards and Technology (NIST) standards for developing and managing password policies

  • Require administrator credentials to install software

  • Only use secure networks; avoid using public Wi-Fi networks

  • Consider installing and using a virtual private network (VPN)

  • Focus on cybersecurity awareness and training
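
For the two account-review items in the list above (unrecognized accounts and accounts with administrative privileges), here is one way to run the check on a Windows host. This is an added example, not part of the advisory or this post; the baseline, host and account names are constructed, and the function names are hypothetical. It also covers the Remote Desktop Users group, since that group grants RDP logon by default.

```powershell
# Added example: compare privileged group membership against an approved baseline.
# Baseline entries and sample members below are constructed for illustration.

function Find-UnrecognizedMember {
    param(
        [Parameter(Mandatory)] [object[]]  $Members,   # objects with Group and Name
        [Parameter(Mandatory)] [hashtable] $Baseline   # group name -> approved account names
    )
    foreach ($m in $Members) {
        # A group with no baseline entry yields @($null), so every member is flagged.
        $approved = @($Baseline[$m.Group])
        # -notcontains is case-insensitive, like Windows account names.
        if ($approved -notcontains $m.Name) {
            [pscustomobject]@{
                Group   = $m.Group
                Name    = $m.Name
                Finding = 'Not in approved baseline'
            }
        }
    }
}

function Get-PrivilegedMember {
    # Live collection on a Windows host (Microsoft.PowerShell.LocalAccounts module).
    param([string[]] $Groups = @('Administrators', 'Remote Desktop Users'))
    foreach ($g in $Groups) {
        Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Group = $g; Name = $_.Name } }
    }
}

# Constructed baseline: who is approved to hold each privilege.
$baseline = @{
    'Administrators'       = @('HOST01\Administrator', 'CORP\Domain Admins')
    'Remote Desktop Users' = @('CORP\helpdesk-rdp')
}

# Constructed sample membership, so the comparison runs without a live host.
$sample = @(
    [pscustomobject]@{ Group = 'Administrators';       Name = 'HOST01\Administrator' }
    [pscustomobject]@{ Group = 'Administrators';       Name = 'HOST01\svc_backup2' }
    [pscustomobject]@{ Group = 'Remote Desktop Users'; Name = 'CORP\helpdesk-rdp' }
    [pscustomobject]@{ Group = 'Remote Desktop Users'; Name = 'HOST01\support' }
)

Find-UnrecognizedMember -Members $sample -Baseline $baseline | Format-Table -AutoSize
# On a live host: Find-UnrecognizedMember -Members (Get-PrivilegedMember) -Baseline $baseline
```

Keep the baseline under change control so that any account the script flags either gets removed or gets an approved entry with an owner.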


Tuearis Cyber is standing ready to help you stay ahead of constantly evolving threats. Contact us to schedule a free consultation regarding your cyber needs!


See the full advisory here.


REST SECURED.
