SMBs Need to Brace for RDP Ransomware Attacks

Small businesses are prime targets for malware. According to eSecurity Planet, small and midsized businesses (SMBs) lost $75 billion to ransomware attacks last year. These businesses are also caught in the crosshairs for new and evolving malware strains, since they often lack the IT staff and security controls necessary to detect and combat threats.

Ransomware Attacks Target SMBs

According to Naked Security, the largest company targeted by recent remote desktop protocol (RDP) attacks had 120 people and the smallest had fewer than 30. The attack methodology wasn’t exactly complex: Cybercriminals used publicly available tools to scan for internet-facing remote desktop ports. They then leveraged commonly used passwords to crack weak security and gain access.

Once behind IT defenses, attackers made their own admin accounts to ensure that backup access points were still available even if IT staff closed the initial security loopholes. Then it was just a matter of installing software to tweak antimalware applications and elevating privileges using known vulnerabilities before the cybercriminals deployed ransomware attacks and demanded one bitcoin in payment.

Good News and Bad News

The good news? Attackers haven’t seen much profit. The not-so-good news? RDP attacks remain a huge problem for companies — and SMBs in particular.

Consider the recent attacks: Cybercriminals needed zero finesse and barely any effort to crack stock-permission RDP access points and create persistent admin accounts. This gave them the time and space to adjust system settings and prime networks for malware delivery, all while SMB owners and staff were blissfully unaware.

RDP attacks aren’t a new thing; enterprises have been enduring them for years. However, SMBs are especially vulnerable to these attacks because their security staff are often juggling multiple jobs. Rather than focusing purely on security, these teams tend to spend most of their time trying to keep IT up and running. This gives cybercriminals the ideal opening.

All Is Not Lost

The better news? It’s not impossible to prevent RDP attacks. The easiest way to avoid an attack is to shut this service down. Unless SMBs have remote workers using RDP connections daily, the insecurity of stock permissions on internet-facing ports puts companies at risk.

If your business regularly requires RDPs, start by changing the passwords and then watch all admin accounts. If something doesn’t seem right, it’s probably not. It’s better to suspend remote desktop access than to fall victim to a ransomware infection.

Malware-makers love SMBs, and RDP ransomware attacks are often a perfect match for low-motivation cybercriminals looking for an easy mark. Make it harder for cyberattackers by changing passwords right now, monitoring admin accounts and being prepared to shut down RDP on demand.

Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and...