We received several comments on our last blog post, thank you very much! We would like to respond to some of the questions and remarks.
One comment lists the essential protective measures, of which we had only mentioned the first: "1. VPN 2. Login lockout 3. 2-factor authentication 4. Updates". That's completely correct, thanks for the addition!

The commenter, like probably many readers, was also surprised by our statement that RDP is the most common attack vector for ransomware. So far, phishing has generally been considered the most important gateway. The statement about RDP comes from a talk that a senior FBI employee gave at the RSA Conference in February 2020. Special Agent Joel DeCapua said that RDP is the gateway in 70 to 80 percent of ransomware cases. You can watch the talk on YouTube; we have linked to the relevant point.
DeCapua also answers another question there, namely how these attacks proceed: most RDP servers are hacked by brute force, because there are many very bad passwords. And where the passwords are good, they are reused in several places. VPN, login lockout and 2-factor authentication could prevent such attacks, but are apparently still missing on far too many Windows servers.
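To make the brute-force pattern concrete from the defender's side, here is an added example (not part of the original post or the talk) that looks for a burst of failed remote logons from one source followed by a success. The event tuples, the threshold and the window are assumptions chosen for illustration; 4625/4624 and logon types 3/10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security event IDs: failed / successful logon
REMOTE_TYPES = {3, 10}         # 10 = RemoteInteractive (RDP); 3 = Network (RDP failures with NLA)

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample events (not real logs): (time, event id, logon type, source IP, account)
SAMPLE_EVENTS = (
    # burst of failures against one account, then a successful RDP session
    [(_t(f"2020-03-01 02:00:{i * 5:02d}"), FAILED, 3, "203.0.113.7", "administrator")
     for i in range(8)]
    + [(_t("2020-03-01 02:01:00"), SUCCESS, 10, "203.0.113.7", "administrator"),
       # ordinary user: one mistyped password, then a normal login
       (_t("2020-03-01 08:59:40"), FAILED, 3, "198.51.100.20", "alice"),
       (_t("2020-03-01 09:00:05"), SUCCESS, 10, "198.51.100.20", "alice")]
    # occasional failures spread over hours: never reaches the threshold
    + [(_t(f"2020-03-01 {10 + i:02d}:00:00"), FAILED, 3, "192.0.2.44", "backup")
       for i in range(6)]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for sources with >= threshold failures inside the window."""
    recent = defaultdict(deque)   # source IP -> failure timestamps still inside the window
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in REMOTE_TYPES:
            continue
        fails = recent[ip]
        while fails and ts - fails[0] > window:   # drop failures older than the window
            fails.popleft()
        if event_id == FAILED:
            fails.append(ts)
            if len(fails) >= threshold:
                entry = findings.setdefault(
                    ip, {"accounts": set(), "success_after_failures": False})
                entry["accounts"].add(account)
        elif event_id == SUCCESS and ip in findings and fails:
            # a login right after a failure burst is the case to investigate first
            findings[ip]["success_after_failures"] = True
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A login lockout enforces the same threshold idea on the server itself, while VPN and 2-factor authentication make a guessed password insufficient on its own.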
It was also remarked that our post was "lurid". We are aware of this. For years we have been trying to find the right tone between too much scaremongering and overly dry objectivity. We even dedicated a separate blog post to this question of style.