Iranian hackers have begun exploiting internet-facing Remote Desktop Protocol (RDP) services to target companies and infect them with Dharma ransomware.
Once in the network, the attackers have taken steps to disable any antivirus software that may be installed, and have used an application called Advanced Port Scanner to scan the network for available hosts.
Once a host was identified, the attackers abused RDP to move laterally through the network and then dropped Dharma on each host they accessed, with a ransom demand of one to five bitcoins. This put the value of the ransom anywhere from around $11,000 to more than $56,000 per host.
Artefacts of these attacks have been found on the networks of companies in Russia, Japan, China and India, and this is probably only the beginning. All of the companies affected so far have been found to be using internet-facing RDP access with default ports and weak credentials.
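A defender's view of the chain described above, as an added example that is not part of the original article: detection logic over constructed Windows Security log records (Event ID 4625 failed logon, 4624 successful logon, LogonType 10 for RDP) that flags repeated failed RDP logons from an external address followed by a success, and RDP fan-out from a single internal host. The internal range, thresholds, host names and sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
RDP = 10  # LogonType 10 (RemoteInteractive); 4625 = failed, 4624 = successful logon
# Constructed records: (time, EventID, LogonType, source IP, target host, user)
SAMPLE = [("2024-01-01 02:00:0%d" % i, 4625, 10, "203.0.113.7", "GW01", "administrator")
          for i in range(1, 6)] + [
    ("2024-01-01 02:00:09", 4624, 10, "203.0.113.7", "GW01", "administrator"),
    ("2024-01-01 02:20:00", 4624, 10, "10.0.0.5", "FS01", "administrator"),
    ("2024-01-01 02:22:00", 4624, 10, "10.0.0.5", "DB01", "administrator"),
    ("2024-01-01 02:25:00", 4624, 10, "10.0.0.5", "HR01", "administrator"),
    ("2024-01-01 08:59:00", 4625, 10, "198.51.100.20", "GW01", "jsmith"),  # one typo
    ("2024-01-01 09:00:00", 4624, 10, "198.51.100.20", "GW01", "jsmith"),
    ("2024-01-01 09:05:00", 4624, 10, "10.0.0.50", "FS01", "helpdesk"),
]

def parse(rows):
    """Turn raw rows into time-ordered events with typed timestamps and addresses."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), e, lt, ip_address(s), h, u)
                  for t, e, lt, s, h, u in rows)

def guess_then_success(events, min_fail=5, window=timedelta(minutes=10)):
    """External source: many failed RDP logons to a host, then a success."""
    fails, hits = defaultdict(list), []
    for ts, eid, ltype, src, host, user in events:
        if ltype != RDP or src in INTERNAL:
            continue
        if eid == 4625:
            fails[(src, host)].append(ts)
        elif eid == 4624:
            recent = [f for f in fails[(src, host)] if ts - f <= window]
            if len(recent) >= min_fail:
                hits.append((str(src), host, user, len(recent)))
    return hits

def rdp_fanout(events, min_hosts=3, window=timedelta(minutes=30)):
    """Internal source: successful RDP logons to many distinct hosts in a short time."""
    seen, hits = defaultdict(list), {}
    for ts, eid, ltype, src, host, user in events:
        if eid != 4624 or ltype != RDP or src not in INTERNAL:
            continue
        seen[src].append((ts, host))
        hosts = {h for t, h in seen[src] if ts - t <= window}
        if len(hosts) >= min_hosts:
            hits[str(src)] = sorted(hosts)
    return hits

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print(guess_then_success(ev), rdp_fanout(ev))
```

With Network Level Authentication enabled, failed RDP logons are often recorded as LogonType 3 instead of 10, so the filter may need widening for a given environment.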
Heimdal Security provides a secure remote access solution that allows management of remote systems while protecting your network from internet-facing RDP attacks such as these.