Issue:
- An RDP brute-force attack was performed and ransomware encrypted the system or files.
- This technique is commonly used by Crysis, Dharma and GandCrab ransomware.
Resolution:
- Use strong and long passwords
  - To resist brute-force attacks on RDP, avoid dictionary words and simple passwords. Always use a long password that combines uppercase letters, lowercase letters, numbers and special characters.
- Limit the number of attempts
  - Go to Start-->Programs-->Administrative Tools-->Local Security Policy
  - Under Account Policies-->Account Lockout Policy
  - Account lockout threshold -> Set between 3 and 5
  - Account lockout duration -> Ideally set to more than 5 minutes
- Only allow user accounts that require the RDP service
  - Go to Start-->Programs-->Administrative Tools-->Local Security Policy
  - Under Local Policies-->User Rights Assignment-->Allow log on through Remote Desktop Services
  - Add or remove the user accounts or groups that require the RDP service
- Close the RDP port
  - Use a VPN connection to access the remote desktop, and close access to the RDP port (TCP 3389) at the firewall.
- Use RD Gateway servers
  - RD Gateway proxy servers can be used to secure the connection with SSL.
  - Read more here: https://social.technet.microsoft.com/wiki/contents/articles/10974.windows-server-2012-rds-deploying-and-configuring-rd-gateway.aspx
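The lockout, user-rights and port steps above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it reports the current lockout policy, the holders of the Remote Desktop logon right and the host firewall rules for TCP 3389, and changes settings only when run with -Apply. The VPN subnet is a placeholder assumption and the default values are choices within the ranges given above.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article. Reports only, unless -Apply is given.
param(
    [switch]$Apply,
    [ValidateRange(3, 5)][int]$Threshold = 5,                  # article: between 3 and 5
    [ValidateScript({ $_ -gt 5 })][int]$LockoutMinutes = 15,   # article: more than 5 minutes
    [string]$VpnSubnet = '10.8.0.0/24'                         # ASSUMPTION: placeholder VPN range
)

# Export the effective local security policy to a temporary INF file and read it.
$cfg = Join-Path $env:TEMP 'rdp-audit.inf'
secedit /export /cfg $cfg /quiet | Out-Null
$inf = Get-Content $cfg
Remove-Item $cfg

# Return the value of a "Name = value" line from the export, or nothing if absent.
function Get-PolicyValue([string]$Name) {
    $line = $inf | Where-Object { $_ -match "^\s*$Name\s*=" } | Select-Object -First 1
    if ($line) { ($line -split '=', 2)[1].Trim() }
}

# 1. Account lockout. A LockoutBadCount of 0 means accounts never lock out.
"Lockout threshold: $([int](Get-PolicyValue 'LockoutBadCount')) (target $Threshold)"
"Lockout duration : $(Get-PolicyValue 'LockoutDuration') minutes (target $LockoutMinutes)"
if ($Apply) {
    net accounts "/lockoutthreshold:$Threshold" "/lockoutwindow:$LockoutMinutes" "/lockoutduration:$LockoutMinutes"
}

# 2. Holders of "Allow log on through Remote Desktop Services", then group members.
$holders = (Get-PolicyValue 'SeRemoteInteractiveLogonRight') -split ',' | Where-Object { $_ }
foreach ($entry in $holders) {
    $id = $entry.Trim().TrimStart('*')
    try { $name = ([Security.Principal.SecurityIdentifier]$id).Translate([Security.Principal.NTAccount]).Value }
    catch { $name = $id }   # already a name, or a SID that no longer resolves
    "RDP logon right: $name"
}
Get-LocalGroupMember -SID 'S-1-5-32-555' | ForEach-Object { "Remote Desktop Users member: $($_.Name)" }

# 3. Enabled inbound allow rules for TCP 3389 on the host firewall.
$rules = Get-NetFirewallPortFilter -Protocol TCP | Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    "Rule '$($rule.DisplayName)' allows 3389 from: $remote"
    if ($Apply) { $rule | Set-NetFirewallRule -RemoteAddress $VpnSubnet }
}
```

On domain-joined machines, Group Policy overrides these local settings, so make the same changes in the relevant GPO. The firewall step covers only the Windows host firewall; TCP 3389 still has to be closed on the perimeter firewall.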
Article no: 000005204