For Sophos, Mark Stockley describes how scammers are using RDP, a tool intended to cut down network and system administration costs for companies by allowing sysadmins and help-desk operators to access their customers’ systems remotely, to give them almost unlimited potential to reconfigure apps and services, making installing and executing ransomware a breeze.
Ransomware-spreading hackers sneak in through RDP
The second part of a two-part report by Intermedia deals specifically with ransomware and includes a link to a video which I’m afraid I haven’t watched. There are also some interesting statistics. When a ransom gets paid, who pays it? According to Intermedia, 59% of employees have paid personally, and only 37% of those surveyed said that their employer had paid. (Which may say something sad about employee attitudes and unpleasant about employer attitudes.) Yet the company has previously reported that 19% of companies didn’t get their data back. (In sharp contrast to claims that ransomware gangs usually recover data because that’s their business model.) I’d guess that with the increase in wiper activity in recent months, the 2017 figures for unrecovered data could be appreciably here. (Are wipers ransomware? Well, that depends on individual cases, but they do often present themselves as if they are.)