Ransomware-spreading hackers sneak in through RDP

By Mark Stockley, Sophos

November 20, 2017

If there’s an unexploited niche caused by insecure software or behaviour then sooner or later a crook is going to wiggle into it and attempt to use it as a way to make money from someone else’s misery.

Sophos has recently uncovered a new ecological niche in the great internet hack-o-sphere that’s equal parts low-cunning and directness: crooks who are breaking into computers one at a time and running ransomware on them manually – clickety click – in the same way that you might run Word, Notepad or Solitaire.

Let me do that!

We normally think of ransomware as something that’s catapulted into victims’ computers using some form of mass distribution.

For example, the criminals behind WannaCry and NotPetya used a stolen NSA exploit to create worms that copied themselves from one computer to another, encrypting files, demanding ransoms and creating mayhem as they zig-zagged through and between networks.

More common still is phishing. Why bother with worms and exploits when you can simply sign up for crimeware online and click a button to crank out booby-trapped email attachments?

Phishing is a numbers game: most of your emails won’t get through, many of those that do will go unread, and even those that get opened may find themselves hitting a brick wall – a patched system, for example, or a user who realises that something phishy is going on and stops just short of getting infected.

The phishing crooks only make money if they can repeatedly find new ways to persuade users to open emails and do things their IT team have warned them about, such as saving attachments to disk and then launching them, or opening Office documents and deliberately enabling macros.

For this reason, some cybercriminals have decided that if you want something doing properly, you have to do it yourself.

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement