- Feb 4, 2016
- 2,520
CryptON Ransomware Installed Using Hacked Remote Desktop Services
- Thread starter LASER_oneXM
- Start date
- Aug 17, 2017
- 1,484
I heard a snippet on the news about this today and the security expert in the segment suggested turning off remote desktop related windows services, what do you think LASER_oneXM?
Last edited:
This is of no consequence for home users and only IT using bad practices should have to worry.
For one, any version of Windows other than Pro doesn't even have RDP/RDS capability for remote connection. The option isn't even there as an option. Most importantly, even if you run Windows Pro, RDP isn't even reachable through the router without a port forward. Trust me on this, I punch through RDP PF's all day long on systems for terminal access.
If you are worried a super easy fix is to set your Remote Desktop listening port to something totally non-standard rather than 3389 default.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
I dunno, make it 9929. Even though it's not exposed, if it was they'd have to find that port and assume you had RDP/RDS enabled, which you don't.
So really. This is of no concern at all and this is tremendous FUD. If you give anyone RDS/RDP access to your computer they don't need to manually execute ransomware, they can FORMAT your PC!
For one, any version of Windows other than Pro doesn't even have RDP/RDS capability for remote connection. The option isn't even there as an option. Most importantly, even if you run Windows Pro, RDP isn't even reachable through the router without a port forward. Trust me on this, I punch through RDP PF's all day long on systems for terminal access.
If you are worried a super easy fix is to set your Remote Desktop listening port to something totally non-standard rather than 3389 default.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
I dunno, make it 9929. Even though it's not exposed, if it was they'd have to find that port and assume you had RDP/RDS enabled, which you don't.
So really. This is of no concern at all and this is tremendous FUD. If you give anyone RDS/RDP access to your computer they don't need to manually execute ransomware, they can FORMAT your PC!
- Feb 4, 2016
- 2,520
i saw some articles/threads on the web about windows services and their risks. But on the other hand i also could find articles that warned users that disabling services (or making chages to services) could also be very, very risky to your system if you are not an experienced expert.
Similar threads
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
