Ransomware Uses RDP to Infiltrate Networks
The FBI and CISA have warned of MedusaLocker ransomware attacks in which the actors most often gain initial access to victim devices through vulnerable RDP (Remote Desktop Protocol) configurations, with email phishing and spam campaigns that attach the ransomware directly as a secondary intrusion vector.
The joint Cybersecurity Advisory (CSA) explains, "MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments."
Mitigating MedusaLocker Risks
The CSA provides several mitigation recommendations, including:
Implement a recovery plan
Implement network segmentation and maintain offline backups
Regularly back up data and password-protect backup copies
Install, regularly update, and enable real-time detection for antivirus software
Install updates for operating systems, software, and firmware
Review domain controllers, servers, workstations, and Active Directory for unrecognized accounts
Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege
Disable unused ports
Consider adding an email banner to emails received from outside your organization
Disable hyperlinks in received emails
Enforce multifactor authentication (MFA)
Use National Institute of Standards and Technology (NIST) standards for developing and managing password policies
Require administrator credentials to install software
Only use secure networks; avoid using public Wi-Fi networks
Consider installing and using a virtual private network (VPN)
Focus on cybersecurity awareness and training
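Because the advisory's primary initial-access vector is RDP, the first things to verify on a Windows host are whether Remote Desktop is enabled at all, whether Network Level Authentication (NLA) is required, and whether the host firewall exposes it to any remote address. The script below is an added example, not code from the CISA/FBI advisory or from Tuearis Cyber: it checks those three RDP settings and then covers the "disable unused ports", "audit administrative accounts" and "review for unrecognized accounts" items from the list above on a single host. It assumes PowerShell 5.1 or later in an elevated session, the built-in Windows Firewall, and runs the domain-account check only if the ActiveDirectory RSAT module is present. The parameter defaults (the known-admin list, the 30-day lookback, the expected-port list and the `SRV-Admins` group in the usage line) are illustrative assumptions to be replaced with your own baseline.

```powershell
# Added example, not part of the CISA/FBI advisory or this post: audit a Windows
# host against the RDP- and account-related items in the mitigation list.
# Assumptions: PowerShell 5.1+, elevated session, Windows Firewall in use; the
# domain-account check runs only if the ActiveDirectory RSAT module is installed.
# Parameter defaults are illustrative, not values taken from the advisory.

function Test-RdpHardening {
    [CmdletBinding()]
    param(
        # Accounts expected in the local Administrators group; anything else is flagged.
        [string[]]$KnownAdmins = @('Administrator', 'Domain Admins'),
        # Lookback window for newly created domain accounts.
        [int]$NewAccountDays = 30,
        # Listening TCP ports this host is expected to expose.
        [int[]]$ExpectedPorts = @(135, 139, 445, 3389)
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. RDP enabled? fDenyTSConnections = 1 means Remote Desktop is switched off.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $rdpEnabled = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)
    if ($rdpEnabled) { $findings.Add('RDP is enabled; confirm this host actually needs it.') }

    # 2. NLA requires valid credentials before a session is created, which removes
    #    the unauthenticated attack surface of the RDP stack.
    $nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
    $nlaRequired = ($null -ne $nla -and $nla.UserAuthentication -eq 1)
    if ($rdpEnabled -and -not $nlaRequired) { $findings.Add('NLA is not required for RDP (UserAuthentication is not 1).') }

    # 3. Inbound Remote Desktop rules that allow any remote address leave TCP 3389
    #    reachable from every network the host is routable from.
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -Action Allow -ErrorAction SilentlyContinue
    foreach ($rule in $rdpRules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') { $findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from any remote address.") }
    }

    # 4. Unused ports: anything listening that is not on the expected list.
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique
    foreach ($port in ($listening | Where-Object { $ExpectedPorts -notcontains $_ } | Sort-Object)) {
        $findings.Add("Unexpected listening TCP port: $port")
    }

    # 5. Least privilege: flag local Administrators members outside the known list.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    foreach ($member in $admins) {
        $short = ($member.Name -split '\\')[-1]   # strip the DOMAIN\ or HOST\ prefix
        if ($KnownAdmins -notcontains $short) { $findings.Add("Unrecognized local Administrators member: $($member.Name)") }
    }

    # 6. Unrecognized accounts: domain users created inside the lookback window,
    #    a cheap first pass at the "review for unrecognized accounts" item.
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        Import-Module ActiveDirectory
        $since = (Get-Date).AddDays(-$NewAccountDays)
        Get-ADUser -Filter { whenCreated -ge $since } -Properties whenCreated |
            ForEach-Object { $findings.Add("Domain account created $($_.whenCreated.ToString('u')): $($_.SamAccountName)") }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        NlaRequired  = $nlaRequired
        Findings     = $findings.ToArray()
    }
}

# Usage: 'SRV-Admins' is a hypothetical group name standing in for your own baseline.
Test-RdpHardening -KnownAdmins 'Administrator', 'Domain Admins', 'SRV-Admins' | Format-List
```

An empty `Findings` array on a host that still needs RDP means the service is reachable only from the addresses you chose in the firewall rule and every session is authenticated before it is created; pair that with MFA on the accounts allowed to log on remotely, as the list recommends, rather than relying on the host check alone.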
Tuearis Cyber is standing ready to help you stay ahead of constantly evolving threats. Contact us to schedule a free consultation regarding your cyber needs!
See the full advisory here.