Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

The FBI is telling businesses to stop using remote desktop software - here's why

Ransomware attack on a computer

The FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) are urging businesses to "strictly limit the use of Remote Desktop Protocol (RDP) and other remote desktop services" and thus minimize the threat coming from the BianLian ransomware group.

In a joint security advisory the law enforcement agencies said BianLian usually targets Windows systmes through RDP credentials, before deploying additional software to steal more credentials, or exfiltrate sensitive data and other important files.

Given that RPD is BianLian's usual point of entry, locking the door seems like a logical step forward. 

Reducing the impact

The law enforcement agencies also said businesses should increase PowerShell logging, add time-based locks to accounts, as well as track domain controllers and active directories for suspicious new accounts and other shady activities. 

"FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents," the advisory reads.

We last heard of BianLian in March 2023, when cybersecurity researchers Redacted spotted the group attempting to extort businesses for money - without encrypting their endpoints first. 

Researchers came up with two possible explanations as to why the threat actors ditched the encryptor, one being that the whole ordeal is too time-consuming, too costly, and redundant, and the other one being that the group never recovered from Avast’s decryptor which was released in January this year. In any case, should your business suffer a ransomware encryption, the FBI recommends not paying the ransom demand.

BianLian was first observed in June 2022, targeting businesses in the healthcare industry, as well as other critical infrastructure verticals.

In a report by The Register, it was said that BianLian is actually multiple ransomware groups growing in size and using newer programming languages, such as Go, or Rust. 

Via: The Register

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.