The Download
Elpaco ransomware exploits unsecured Remote Desktop Protocol (RDP), using brute-force login attacks to infiltrate corporate networks. This variant exploits the Everything DLL, a legitimate filename search engine for Windows operating systems. Once inside, attackers deploy ransomware to encrypt critical files and demand payment for decryption keys. Weak credentials or unpatched vulnerabilities in RDP environments make systems particularly susceptible to these attacks. Organizations relying heavily on remote access tools face heightened risk, as exploitation can lead to data breaches, operational disruption, and financial loss.
What You Can Do
IT administrators should disable RDP when not essential and enforce multi-factor authentication (MFA) on all remote access points. Regularly updating RDP software and monitoring for unusual login attempts are critical. Employing strong, unique passwords and configuring firewalls to limit access only to trusted IPs can further reduce risks. Scan your networks for RDP, and then block the RDP port to all but required machines.
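One way to monitor for unusual login attempts, shown as an added example that is not part of the original advisory or any ThreatMate tooling: a sliding-window check over failed-logon records that also flags a successful logon following a burst. The record layout, threshold, window and sample data are assumptions; the event IDs and logon types are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; 3 = Network, produced by RDP with NLA

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Alert on source IPs with >= threshold failed RDP logons inside a sliding
    window, and record the first account that logs on successfully afterwards."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> account names attempted
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] not in RDP_LOGON_TYPES:
            continue
        ip, now = ev["ip"], ev["time"]
        if ev["id"] == FAILED:
            tried[ip].add(ev["user"])
            q = recent[ip]
            q.append(now)
            while now - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_failure": q[0],
                              "users": tried[ip], "success_as": None}
        elif ev["id"] == SUCCESS and ip in alerts and alerts[ip]["success_as"] is None:
            alerts[ip]["success_as"] = ev["user"]   # the guessing may have worked
    return list(alerts.values())

def sample_events():
    """Constructed records; the addresses come from documentation ranges."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)
    ev = lambda secs, eid, ip, user, typ=10: {
        "time": t0 + timedelta(seconds=secs), "id": eid, "ip": ip, "user": user, "type": typ}
    names = ["admin", "administrator", "backup"]
    burst = [ev(10 * i, FAILED, "203.0.113.50", names[i % 3]) for i in range(12)]
    typos = [ev(900 * i, FAILED, "198.51.100.7", "jsmith") for i in range(3)]
    service = [ev(i, FAILED, "-", "svc_sql", typ=5) for i in range(20)]  # not RDP
    return burst + typos + service + [
        ev(180, SUCCESS, "203.0.113.50", "backup"),
        ev(2000, SUCCESS, "198.51.100.7", "jsmith")]

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(sample_events()):
        print(alert["ip"], sorted(alert["users"]), "success as:", alert["success_as"])
```

Logon type 3 also covers other network logons such as file shares, so on a busy server the threshold may need tuning or the results may need correlating with the RDP port.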
ThreatMate pen tests will also find RDP and attempt a brute-force login, letting you know whether hackers can get in before they attempt to.
To Learn More: