A new ransomware program in Brazil uses RDP brute-force attacks to infect hospitals
Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for file-encrypting ransomware.
In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool.
But the trend had started long before that, with some ransomware variants being distributed through brute-force password guessing attacks against Remote Desktop Protocol (RDP) servers since 2015.
While this method of infection was initially used by relatively obscure ransomware programs, recently it has been adopted by an increasing number of cybercriminals, including those behind widespread ransomware programs such as Crysis.
Security researchers from antivirus firm Kaspersky Lab have discovered a new ransomware program that affected hospitals and other organizations in Brazil.