Phorpiex Bots Target Remote Access Servers to Deliver Ransomware

October 1, 2018 Published in: News Author: Vedran Bozicevic

Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto other enterprise computers, SecurityScorecard researchers are warning.

Their weapon of choice is Phorpiex/Trik, a bot with worm capabilities that allows it to spread to other systems by copying itself to USBs and other removable drives.

This rather unsophisticated piece of malware scans the internet for Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers and tries to gain access to these devices by running through a list of widely used usernames and passwords (“password”, “test”, “testing”, “server”, “admin”, “123123”, “123456”, and similar).

The malware randomly generates a target’s IP address and tries to connect to it through port 5900. If it succeeds, it inserts the ransomware and leaves the user with locked files and a ransom request.

The researchers advise users to make sure that the password for their RDP and VNC servers is a strong one (long, complex and unique) and to regularly run virus protection on all removable media.

Read more: Help Net Security

Vedran Bozicevic

I am a digital marketer with several years of experience with various types of online marketing technologies and channels. Before joining GlobalDots, my experience included working as a content marketing manager for a software development company, and several others marketing positions where I worked on digital marketing strategies and channels.

Our Story

 

GlobalDots helps companies to evaluate, purchase, and integrate cloud services by acting as a neutral consultancy layer between vendors and customers with a keen focus on optimizing performance, workflows, and costs.

We're in the unique position to orchestrate full-stack, multi-vendor architectures such as multi-CDN, CDN+WAF+AWS, CDN+Mobile App optimization, dual-DNS, and other interesting setups.

Increase speed, availability and reliability of your website by learning from the experts in our FREE email course.

Learn everything you need to know about Bad Bot threats by downloading your FREE copy of Bad Bot Report 2018.

Find out the most important tips&tricks before selecting your next CDN provider in this FREE guide.

Find out all the specifics about web threats by downloading our FREE Field Guide to Modern Web Security.