Quick Heal has detected an ongoing ransomware attack. This post outlines the important steps you must take to protect your computer(s) against this threat.
What to do to stay safe from the attack?
Most of the steps mentioned below are technical in nature. If you need any assistance, please call us on 1800 121 7377.
About the ransomware attack
Quick Heal has detected a recent ransomware outbreak which uses a Remote Desktop Protocol (RDP) brute force attack. However, we suspect that this attack could also be using other means to spread. These could be:
What is Remote Desktop Protocol (RDP)?
The Remote Desktop protocol is used to connect to another computer over a network remotely. It’s generally used to carry out remote device management. The protocol runs over TCP/UDP port 3389.
What is a Brute Force Attack?
A brute force attack is a trial-and-error method used to retrieve critical information such as usernames, passwords or any kind of personally identifiable information (PII). A brute force attack is generally carried out through automated scripts.
By brute forcing the user credentials to access the RDP on a victim’s machine, attackers are able to uncover usernames and passwords. Once the user credentials are obtained, attackers control the victim’s machine to carry out the intended attack. In most cases, ransomware attacks have been observed as the end result of a Remote Desktop Protocol brute force attack.
About the detected ransomware that is spreading through the RDP brute force attack
Quick Heal has observed the Dharma ransomware outbreak to have used the RDP brute force attack. Earlier, other ransomware were also observed to have spread through the same mechanism. In this particular scenario, the attacker can take control of the system with administrative privileges. This allows them to install/uninstall any program on the infected computer. Here, we have observed that attackers were uninstalling the security software from the infected machine. And by doing so, they were able to implant a ransomware on it.
How Quick Heal protects its users from such attacks
Quick Heal products are built with the following multi-layered security layers that help counter such attacks.
Important safety measures to keep your computer safe against ransomware attacks
It is important to understand that such kinds of attacks are targeted towards victims with weaker security infrastructure. This makes it highly critical for individual users and businesses to strengthen their security perimeter and stand strong against all such attacks.
1. Back up data regularly
2. Keep OS and all other software up-to-date
3. Do not download unverified, cracked/pirated software as they can be used to install malware on your computer.
4. Avoid downloading software from untrusted P2P or torrent sites. In most cases, they are malicious.
5. Stay away from phishing attacks
How to disable RDP?
This story is developing. We will update this post when we get to learn more about the development.