Sushmita Kalashikar

Ransomware attacks through Remote Access are on the rise. Secure your system now!!

October 26, 2018

Ransomware attacks are once again on the rise, and this can leave your systems vulnerable to critical data loss and breaches. In the recent outbreak of ransomware, cyber criminals gain access to your computer through Remote Desktop using a brute-force technique, which is capable of cracking weak passwords.

With this post, we wish to help you with the essential steps and corrective measures you can take to protect your computer(s) against ransomware and RDP brute-force attacks.

However, before we get into the steps to follow, it helps to have a brief understanding of RDP brute-force attacks.

What is an RDP Brute-Force Attack?

An RDP brute-force attack is basically a kind of ransomware attack that makes use of the Remote Desktop Protocol (RDP). Attackers scan a list of IPs to find systems where the default RDP port, 3389, is open for connection. Once an open port is discovered, the attacker launches the brute-force attack.

This is basically a trial-and-error technique of user ID and password guessing, where the attacker tries a series of commonly used credentials, common word combinations and dictionary words to break through weak passwords. To make things easier for attackers, numerous readily available tools can perform this RDP brute forcing and port scanning with ease.

Once attackers gain access, all they have to do is disable your system’s antivirus (even if updated) and infect your system.

Fortunately, Quick Heal products come with a security feature that can protect your system against such brute-force attacks.

We have already released an update that modifies a rule in Quick Heal’s Firewall so that it automatically turns off your RDP connections for security reasons, and you are sorted. This will discourage hackers from remotely accessing your system.

With the update already released, there are 2 possible scenarios:

Case #1: I do not wish to use RDP

If you already have a Quick Heal product installed on your system, then you have absolutely nothing to worry about. Quick Heal’s Firewall Protection feature can effectively block RDP attempts.

As we have already rolled out an update to disable RDP connections, if your Quick Heal product’s virus database version is 25th October or later, be assured that you are already protected from RDP attacks.

 

*In case of any queries, feel free to call us on our toll-free no. 1800-121-7377 and our support engineers would be glad to help you with the issue. You may also visit http://bit.ly/QHChat to chat with us online.

Case #2: I want to continue using RDP

If it is essential for you to continue using RDP, but at the same time you wish to ensure its security, you can manually configure the Firewall Protection feature to allow RDP connections with the help of the following steps:

Open Quick Heal Dashboard => Select Internet and Network => Firewall Protection => Advanced Settings – Configure => Traffic Rules.

           

 

  • In the Traffic Rule window, click Add to add an exception.
  • Give the rule any name, e.g. Remote Desktop, and select Next.
  • In the ‘Local IP Address’ screen, no changes are to be made; just click ‘Next’.
  • In the Local TCP/UDP Port window, enter the RDP port in the Specific port option and click Next. By default the RDP port is 3389. Enter the same if you have not changed it.
  • In the Remote IP Address window, enter the IP address of the system from which you want to accept RDP connections.
    • It is recommended to configure the IP address from which RDP connections are to be allowed. However, if you do not wish to restrict access to a specific IP address, select ‘Any IP Address’ and click Next.
    • If you wish to restrict access to a range of IP addresses, select ‘IP Address Range’ and specify the range here, e.g. 192.168.0.1 to 192.168.0.255.
  • Select Next for the Remote TCP/UDP port.
  • Select ‘Allow’ as the action to be taken in the last window and click Finish.
  • Now save the changes made by clicking OK.
  • Click Save Changes.

[Screenshots: Traffic Rule Window; Add Name of Rule; Local IP Address Screen; Local TCP/UDP Port Window; Remote IP Address Window; Remote TCP/UDP Port; Select Action – Allow]

 

In addition to the above-mentioned steps, Quick Heal comes with a few additional features that can secure your system from such attacks. These features include:

  • Anti-Ransomware – Behavior-based detection technology that detects and blocks threats such as Ransomware in real-time.
  • IDS/IPS – Detects and blocks RDP brute-force attempts, and blocks the IP of the remote attacker for a defined period.
  • Virus Protection – Online service detects all known variants of the ransomware.
  • Back Up & Restore – Helps you with regular automatic backup of your data for easy restoration whenever required.
  • Password Protection – Configuring password protection for your Quick Heal security software prevents unauthorized users from uninstalling or disabling your security system. You can do so by enabling Settings => Password Protection.
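
The detect-and-block behaviour described in the IDS/IPS item above, shown as an added example; this is not Quick Heal's code. The record format, the threshold of 5 failures in 60 seconds and the 30-minute block are assumptions chosen for illustration, and the sample events are constructed (on Windows the underlying data would be failed-logon events such as Security event ID 4625).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): timestamp, source IP, user, result.
SAMPLE_EVENTS = """\
2018-10-26T10:00:01 203.0.113.7 administrator FAIL
2018-10-26T10:00:02 203.0.113.7 admin FAIL
2018-10-26T10:00:03 192.168.0.20 priya FAIL
2018-10-26T10:00:03 203.0.113.7 user FAIL
2018-10-26T10:00:04 203.0.113.7 test FAIL
2018-10-26T10:00:05 203.0.113.7 administrator FAIL
2018-10-26T10:00:06 203.0.113.7 guest FAIL
2018-10-26T10:00:07 203.0.113.7 guest FAIL
2018-10-26T10:00:20 192.168.0.20 priya OK
2018-10-26T10:45:00 203.0.113.7 administrator FAIL
"""

def detect(lines, threshold=5, window=timedelta(seconds=60),
           block_for=timedelta(minutes=30)):
    """Return (blocks, dropped): blocks are (ip, blocked_at, blocked_until,
    distinct_users_tried); dropped counts attempts refused during a block."""
    recent = defaultdict(deque)   # ip -> (time, user) of failures inside the window
    blocked_until = {}            # ip -> expiry time of its temporary block
    blocks, dropped = [], 0
    for line in filter(str.strip, lines):
        ts_text, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        if ip in blocked_until:
            if ts < blocked_until[ip]:
                dropped += 1       # still blocked: the attempt never reaches RDP
                continue
            del blocked_until[ip]  # the defined block period has expired
        if result != "FAIL":
            continue               # successful logons do not count as guesses
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()            # forget failures older than the window
        if len(q) >= threshold:
            until = ts + block_for
            blocked_until[ip] = until
            blocks.append((ip, ts, until, len({u for _, u in q})))
            q.clear()
    return blocks, dropped

if __name__ == "__main__":
    for ip, at, until, users in detect(SAMPLE_EVENTS.splitlines())[0]:
        print(f"block {ip} at {at} until {until} ({users} user IDs tried)")
```

The internal user who mistypes a password once and then logs in is never blocked, while the external source is blocked on its fifth failure and its next two attempts are refused until the block expires.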

ACKNOWLEDGEMENT

Subject Matter Experts

  • Amit Patel
  • Vikas Tiwari

 


About Sushmita Kalashikar
Sushmita is the content strategist for Quick Heal, with a passion for creative and technical writing. She is also a published author on...

13 Comments


  1. Sushmita,
    You are helping people by spreading knowledge of how to protect a PC or laptop from ransomware attacks.
    Good, keep it up.
  2. Onil Sonawani, October 29, 2018 at 9:58 AM

    Hi Sushmita,

    Very informative blog. Keep it up.
  3. MOHD JAMIL NOMANI, October 29, 2018 at 12:31 PM

    Very good information related to that. All the contents are very useful for resolving that issue with Quick Heal AV.

    Thanking You…
  4. A.P. MATHEW, October 29, 2018 at 4:20 PM

    Would like to see what kind of protection / precaution a layman like me, who does NOT have much technical knowledge, should take. If the same is given in short, in an easily understandable manner, it will be appreciated. I am a very Senior Citizen. A.P. MATHEW.
    • Sushmita Kalashikar, October 29, 2018 at 5:24 PM

      Hi Mathew,
      Thank You for writing in. For a non-technical person like you, the best way to protect your system against cyber-attacks is to install a reliable Antivirus like Quick Heal Total Security and you can leave the rest to it. Simply take care that your licence does not expire, to be able to enjoy continued protection against cyber threats.
      For more details, call us on our toll-free no. 1800-121-7377.
  5. sanjay kumar bharti, October 30, 2018 at 8:00 AM

    Please renew my Quick Heal.
    • Sushmita Kalashikar, October 30, 2018 at 10:44 AM

      Hi Sanjay,
      Thank You for writing in. Our support engineers would be glad to help you with this issue. Kindly visit http://bit.ly/QHChat to chat with us online or call us on our toll-free no. 1800-121-7377. You can also raise a ticket at http://bit.ly/Askus and we will get back to you at the earliest.

      Regards,
      Team Quick Heal
  6. Shiv Rattan Gupta, November 2, 2018 at 5:18 PM

    Showing out of date even after full system scan done today. Date of database is fixed 24.10.2018
    • Sushmita Kalashikar, November 2, 2018 at 5:22 PM

      Hi Shiv,

      Thank You for writing in. Our support engineers would be glad to help you with this issue. Kindly visit http://bit.ly/QHChat to chat with us online or call us on our toll-free no. 1800-121-7377. You can also raise a ticket at http://bit.ly/Askus and we will get back to you at the earliest.

      Regards,
      Team Quick Heal
  7. Siddhartha Santra, November 4, 2018 at 11:43 PM

    If automatic renewal updation failed then what to do?
    • Sushmita Kalashikar, November 12, 2018 at 11:28 AM

      Hi Siddhartha,

      Thank You for writing in. Our support engineers would be glad to help you with this issue. Kindly visit http://bit.ly/QHChat to chat with us online or call us on our toll-free no. 1800-121-7377. You can also raise a ticket at http://bit.ly/Askus and we will get back to you at the earliest.

      Regards,
      Team Quick Heal
  8. bibhas_chat@hotmail.com, November 12, 2018 at 9:31 PM

    I've a licence pack of QH for Win7 PC but from a few days back I have not been able to access SAFE BANK system through Google Chrome.

    Rgds:
    • Sushmita Kalashikar, November 13, 2018 at 10:51 AM

      Hi Bibhas,
      Thank You for writing in. Our support engineers would be glad to help you with this issue. Kindly visit http://bit.ly/QHChat to chat with us online or call us on our toll-free no. 1800-121-7377. You can also raise a ticket at http://bit.ly/Askus and we will get back to you at the earliest.

      Regards,
      Team Quick Heal