Windows Remote Desktop app hacked

spook84

Extraordinary Member
I have got a second computer in my house and was going to have it up as much as possible for a Minecraft server. Both PCs are Win 10 Pro x64 1809. I installed the Remote Desktop app from the Windows Store and started noticing Kaspersky blocking some attacks (attached picture, mid-Oct). I uninstalled it off my main PC and not the home server. The home server has been on/off since, but up for the last 48 hours. Then today I noticed it was off, and when I started it up it was compromised. To be clear, I don't care about the contents of what's on the HD and will reformat/swap out that later. The question I have is whether there have been other people having the same issue or who know about it.

(Attachment: Annotation.png)

This is the note they left behind.



THE FILE IS ENCRYPTED WITH THE RSA-2048 ALGORITHM, ONLY WE CAN DECRYPT THE FILE.

====================================================================================================
To decrypt files, please contact e-mail:

su..........................................4@protonmail.ch

if there is no answer, then use jabber:

fa.........................rt@xmpp.jp

If you do not have a jabber. To write to us to register: XMPP.JP - Free XMPP/Jabber instant messaging service

====================================================================================================
Your files are encrypted!
Your personal identifier:
6A02..........................................................................20CD07
====================================================================================================

Attention: IF YOU DO NOT HAVE MONEY THEN YOU DO NOT NEED TO WRITE TO US!
Danger: our contacts change every 2 days, do not hesitate, contact us immediately.
Then we will not be available.
Information about you, and your personal key for decryption is stored only 2 days.


As far as I can tell the computer is fine. Everything works so far. I only have a few programs on there, an A/V and MS Edge. Is there a better program other than TeamViewer?

edit: I did have to reinstall Kaspersky Internet Security and use a key to register it (I was on a trial eval before the attack).

nmsuk

Windows Forum Admin
Staff member
Premium Supporter
Well, generic RDP won't work on TeamViewer, so you're safe. They're looking for Windows RDP servers.
 

Neemobeer

Windows Forum Team
Staff member
Plus, a brute force would mean it's just making password guess attempts. If you have really short passwords, making them long (25+) and complex would help stop these from succeeding. I'm also curious: are these coming from external, and if so, why are you allowing RDP externally? It'd be much more secure to set up a VPN connection and then RDP over that.
 
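To see whether the failed connections Kaspersky flagged are an RDP password-guessing run, the Security event log on the Windows 10 host is the place to look. The script below is an added example, not something posted in this thread; it assumes it is run in an elevated PowerShell on the affected machine, with default failure auditing enabled, and the threshold of 20 failures per source address is an arbitrary choice.

```powershell
# Added example: summarise failed RDP logons (Security event 4625) by source
# address so a brute-force run stands out, then check whether RDP is enabled
# and whether Network Level Authentication is required.
# Assumptions: elevated PowerShell on the Windows 10 host; default audit policy.
# Logon type 10 = RemoteInteractive (RDP); with NLA, failed pre-authentication
# is usually recorded as logon type 3 (network), so both are included.
param(
    [int]$Hours = 48,       # look-back window
    [int]$Threshold = 20    # failures per source IP treated as suspicious (arbitrary)
)

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
          -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.LogonType -in '10', '3') {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            SourceIp  = $d.IpAddress
            User      = $d.TargetUserName
            LogonType = $d.LogonType
        }
    }
}

# Many failures against many different usernames from one address is the
# signature of password guessing rather than a user mistyping a password.
$summary = $rows | Group-Object SourceIp | ForEach-Object {
    [pscustomobject]@{
        SourceIp      = $_.Name
        Failures      = $_.Count
        DistinctUsers = ($_.Group.User | Sort-Object -Unique).Count
        FirstSeen     = ($_.Group.Time | Measure-Object -Minimum).Minimum
        LastSeen      = ($_.Group.Time | Measure-Object -Maximum).Maximum
        Suspicious    = $_.Count -ge $Threshold
    }
} | Sort-Object Failures -Descending

$summary | Format-Table -AutoSize

# Exposure check: fDenyTSConnections = 0 means RDP is accepting connections;
# UserAuthentication = 1 means NLA is required before a session is created.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
"RDP enabled: $($rdp.fDenyTSConnections -eq 0); NLA required: $($nla.UserAuthentication -eq 1)"
```

If the suspicious rows show public source addresses, that confirms RDP is reachable from the internet and the VPN-first setup suggested above is the fix, rather than only a longer password.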

spook84

Extraordinary Member
Plus, a brute force would mean it's just making password guess attempts. If you have really short passwords, making them long (25+) and complex would help stop these from succeeding. I'm also curious: are these coming from external, and if so, why are you allowing RDP externally? It'd be much more secure to set up a VPN connection and then RDP over that.
I've been thinking it was a configuration error on my part. I'm looking into some ways of setting up everything correctly.