Attention: We're currently working with businesses throughout the South West who may have suffered a form of ransomware as a result of vulnerabilities in their Remote Desktop Protocol (RDP) setup, as well as in Office 365.
RDP is designed to provide remote access through port 3389, but can be exploited by malicious actors.
We are actively contacting businesses as part of this operation. If you do receive a call, you can verify our identity by then calling the non-emergency police number 101, and quoting a collar number which we will supply to you for them to put you through.
Please ensure that you use strong passwords, and that your staff are aware of why this is important
Secure accounts with a strong password, and do not reuse that password across different accounts. A strong password combines random words into a long phrase (e.g. 'ThreeRandomWords') - you can also misspell words or substitute symbols/numbers to strengthen a password (e.g. 'Thre1!Rando3!word5!').
Account lockout policies
Consider setting accounts to lock out for a period of time after multiple incorrect guesses. This will protect against brute-force attacks, where attackers repeatedly try a huge number of possible passwords by trial and error.
Ensure that your firewalls are switched on
Most popular operating systems now include a firewall, so make sure it's switched on and configured appropriately.
Install, enable and update anti-virus/anti-malware
All devices that can have anti-malware/anti-virus software should have it in place, including mobiles/tablets/routers/anything that interacts with your corporate networks.
Updates and patching
As a minimum, organisations need to ensure that ALL devices and software are always fully patched. This should extend to third-party solutions.
Limit users who can use RDP
Limit remote access only to those accounts that need it.
Implement Two-Factor Authentication
Regarding Office 365 - implementing 2FA should be a high priority.
2FA can also be implemented for RDP, but third-party products are typically used to do this.
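One way to check a Windows machine against the points above, as an added example that is not part of the original advisory. It only reads settings and changes nothing. It assumes an English-language Windows installation and an elevated PowerShell session.

```powershell
# Added example: read-only audit of the checklist above. Run elevated.
# Assumes English-language Windows (group names and 'net accounts' labels are localised).

# RDP enabled? fDenyTSConnections = 0 means remote connections are allowed.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
"RDP enabled: $($deny -eq 0)"

# Listening port (3389 unless it has been changed).
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
"RDP port: $port"

# Firewall: every profile should show Enabled = True.
Get-NetFirewallProfile | Select-Object Name, Enabled

# Account lockout: a threshold of 'Never' allows unlimited password guesses.
net accounts | Select-String 'Lockout'

# Accounts allowed to log on over RDP (local Administrators can as well).
foreach ($group in 'Remote Desktop Users', 'Administrators') {
    "Members of ${group}:"
    Get-LocalGroupMember -Group $group | Select-Object Name, ObjectClass
}

# Failed logons (Security event 4625) in the last 24 hours, grouped by source
# address. Many failures from one address suggests password guessing.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```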
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow-up activity as well.