Remote Desktop Protocol Ransomware Threat
As a provider of IT services and support we frequently have businesses call us when its already too late. One of the most frequent calls of this nature lately has been a ransomware attack that has infected their entire network. Data has been encrypted, and their business has come to a screeching halt. The hacker that encrypted their data is demanding a ransom paid in bitcoin. They’re in a really bad place.
A common thread that we’ve seen for the majority of these attacks that we’ve worked to remediate is that the attackers have gotten in the same way. In almost every instance the infected party had remote desktop protocol open to the world. This protocol is used for simple remote access, and some IT providers will open it up so that folks can work from home, or even sometimes so the IT administrator can give remote support.
Unfortunately open RDP ports are easy access points for any hacker that knows what they’re looking for. They have automated scanning tools that will detect these open ports, and then can do a brute force attack on the password to the machine at their leisure. It makes for an easy entry point. Once they’re in they can us one machine on the network to infect the rest with ransomware.
A properly trained IT provider that has any knowledge of network security should never leave RDP ports open. Providers who do this are not working to protect their clients data. i.t.NOW by policy does not allow any open RDP ports on our clients networks.
Solutions and Alternatives
The good news is that there are plenty of solutions and alternatives to give secure remote access without sacrificing the security of your network. You can use an SSL VPN, or even better a remote desktop gateway. There are actually plenty more solutions for secure remote access, but for the sake of brevity I’ll focus on these two.
First thing to do is make sure that RDP is shut down, and that there aren’t any open RDP ports on your firewall. You’ll probably need an IT professional to assist with this. Once it is shut down and the network is secure you can work on alternative access methods.
An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol in a normal web browser to provide secure, remote-access capability. SSL VPN enables devices with an internet connection to establish a secure remote-access connection with a web browser. An SSL VPN connection uses end-to-end encryption (E2EE) to protect data.
Businesses use this technology to allow workers to easily log into network resources from home or the road using any device with web browser. SSL VPN can even be configured to allow a user to remotely log into their computer on the network with a secure connection.
Many business class firewalls have SSL VPN capability built in, or available for a minimal license cost. This allows businesses to implement the solution quickly and for a fairly low cost.
Remote Desktop Gateway
Starting with Server 2008 R2, Microsoft has built remote desktop gateway functionality into Windows Server. This allows IT administrators to set up secure remote access to their network with this feature.
Remote Desktop Gateway works similar to SSL VPN. Users simply go to a login page on their web browser, enter their credentials, and then get connected securely back to the corporate network through the firewall. For some users this is an even simpler way to connect.
You do need a remote desktop gateway server set up by your network administrator, and so there is a little more time an money spent to deploy this solution. Our clients seem to prefer the easy of access that it offers. This is our preferred solution for secure remote access.
Please take a few minutes to ensure that your business network doesn’t have open RDP ports that could be a security vulnerability. If your current IT provider has configured your network in this manner we would love to help make it right, and offer free network security evaluations. Call us today!