Once again ransomware attacks are on the rise and this can leave your systems vulnerable to critical data loss and breach. In fact, the recent outbreak of ransomware allows cyber criminals to easily gain access to your computer through Remote Desktop using brute-force technique, which is capable of cracking weak passwords.
With this post, we wish to help you with essential steps and corrective measures you can take, to protect your computer(s) against ransomware and RDP brute-force attacks.
However, before we get into the steps to follow, it can be helpful to get a brief understanding about RDP Brute-Force attacks first.
What is RDP Brute Force Attack?
A RDP brute-force attack is basically a kind of ransomware attack that makes use of Remote Desktop Protocol (RDP). Attackers scan a list of IPs to find the default RDP port 3389 that is open for connection. Once the port is discovered, the attacker launches the brute-force attack.
This is basically a trial & error technique of User ID and password guessing, where the attacker tries a series of commonly used credentials, common word combinations and dictionary words to break through weak passwords. To make things easier for attackers, there are numerous tools readily available that can perform these RDP brute forcing and port scanning with ease.
Once attackers gain access, all they have to do is to disable your system’s antivirus (even if updated) and infect your system.
Fortunately, Quick Heal products comes with a security feature that can protect your system against such brute-force attacks.
We have already released an update to modify rule in Quick Heal’s Firewall that automatically turns off your RDP connections for security reasons and you are sorted. This will discourage hackers from remotely accessing your system.
With the update already released, there can be 2 possible case scenarios:
Case #1 I do not wish to use RDP
If you already have Quick product installed on your system, then you have absolutely nothing to worry about. Quick Heal’s Firewall Protection Feature can effectively block RDP attempt.
As we have already rolled out an update to disable RDP connection, if your Quick Heal product’s virus database version is 25th October or later, be assured that you are already protected from RDP attacks.
*In case of any queries, feel free to call us on our toll-free no. 1800-121-7377 and our support engineers would be glad to help you with the issue. You may also visit https://bit.ly/QHChat to chat with us online.
Case #2 I want to continue using RDP
Just in case, it is essential for you to continue using RDP, but at the same time you wish to ensure its security, then you can manually configure the Firewall Protection Feature to configure RDP connection with the help of following steps:
Open Quick Heal Dashboard => Select Internet and Network => Firewall Protection=> Advanced Settings – Configure=> Traffic Rules.
Traffic Rule Window
Add Name of Rule Local IP Address Screen
Local TCP/UDP Port Window
Remote IP Address Window
Remote TCP/UDP Port
Select Action – Allow
In addition to above mentioned steps, Quick Heal comes with few additional features that can secure your system from such attacks. These features include:
Subject Matter Experts