Home Resources Blog Phorpiex Bots Target Remote Access Servers to Deliver Ransomware

Phorpiex Bots Target Remote Access Servers to Deliver Ransomware

Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots
01.10.2018
image 1 Min read

Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto other enterprise computers, SecurityScorecard researchers are warning.

Their weapon of choice is Phorpiex/Trik, a bot with worm capabilities that allows it to spread to other systems by copying itself to USBs and other removable drives.

This rather unsophisticated piece of malware scans the internet for Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers and tries to gain access to these devices by running through a list of widely used usernames and passwords (“password”, “test”, “testing”, “server”, “admin”, “123123”, “123456”, and similar).

The malware randomly generates a target’s IP address and tries to connect to it through port 5900. If it succeeds, it inserts the ransomware and leaves the user with locked files and a ransom request.

The researchers advise users to make sure that the password for their RDP and VNC servers is a strong one (long, complex and unique) and to regularly run virus protection on all removable media.

Read more: Help Net Security

Learn More

Streamline Your Alert Management with Groupings
Monitoring, Logging & Observability
Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots 02.02.23

Alerting is crucial for avoiding outages, not just responding to them. That’s why GlobalDots is adopting an innovation that revolutionizes the way alerts are processed, enabling teams to achieve their goals proactively and resolve issues quickly. Handling alerts on a large scale can be difficult, especially when dealing with hundreds or even thousands of alerts. […]

Read more
You’ll Need Zero Trust, But You Won’t Get It with a VPN
SD-WAN and SASE
Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots 12.01.23

Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy. Zero Trust Security is […]

Read more
4 Ways Where Remote Access VPNs Fall Short
SD-WAN and SASE
Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots 09.01.23

The Global Content Delivery Network (CDN) market is expected to grow by $42.4 billion between now and 2032.

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo