RDP

New Pay2Key ransomware encrypts corporate networks in just an hour

A number of companies and large corporations in Israel have been targeted by cyberattacks using a new ransomware called Pay2Key. The first attacks were recorded by specialists from Check Point at the end of October this year, and their number has since increased. According to experts, the criminals usually carry out attacks after midnight, when companies have fewer IT workers on duty. The Pay2Key malware allegedly infiltrates organizations' networks through a weakly secured RDP (Remote Desktop Protocol) connection. Attackers gain access to corporate networks “some time before the attack,” and the malware can encrypt the victim’s network in an hour. Having penetrated the local network, hackers install a proxy server on one of the devices to ensure that all copies of the …


Sarwent malware opens RDP ports on infected machines

SentinelOne experts noticed that the new version of the Sarwent malware opens the RDP ports on infected computers. Researchers believe this is because the malware operators can sell access to infected hosts to other criminal groups. Sarwent is a not-so-famous backdoor trojan, active since 2018. Previous versions of the malware had a very limited set of functions; for example, they could download and install other malware on compromised computers. “Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, and enforced with new commands. Updates to Sarwent malware show a continued interest in backdoor functionality such as executing PowerShell commands. Updates also show a preference for using RDP. Sarwent has been …


Due to pandemic, RDP and VPN usage grew by 41% and 33%

Amid the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks. According to statistics from the Shodan search engine, by last Sunday, March 29, 2020, the number of RDP endpoints increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP port, 3389. “A similar surge of activity is also observed on port 3388, which is regularly used by system administrators to protect RDPs from attacks. In this case, activity increased by 36.8% (from 60,000 at the beginning of the year to …


Ransomware attacks most often occur at night and on weekends

According to a report published by the American company FireEye, 76% of all ransomware attacks in the corporate sector occur in the off-hours: 49% of them are recorded at night on weekdays, and another 27% at weekends. This data is based on dozens of ransomware incident investigations from 2017 to 2019. “In 76% of incidents we reviewed, ransomware was executed in victim environments after hours, that is, on a weekend or before 8:00 a.m. or after 6:00 p.m. on a weekday, using the time zone and customary work week of the victim organization. This observation underscores that threat actors continue working even when most employees may not be,” said FireEye specialists. Such statistics are easily explainable, and in most …
