Xdedic Rdp Patch Download
Members of TeamXRat, a hacking crew based in Brazil, have created their own ransomware variant that they spread to local companies and hospitals after taking control over their servers and networks via RDP (Remote Desktop Protocol) brute-force attacks.
In this case, however, the tool, xDedic RDP Patch, was also installed, suggesting that a black market seller had discovered the environment and was intending to sell it on xDedic. Yet, unlike the 2020 honeypot which operated in a stealthier fashion, the hacker who first identified the environment almost immediately began unleashing a flood of. The patch modifies the RDP settings to allow multiple user logins, which would enable a buyer to access the server without alarming the server’s legitimate administrator. The buyer could then access the hacked server through xDedic’s own RDP client.
The group, who has previously created and sold banking malware, is at its first attempt at creating ransomware, which, based on a Kaspersky Lab analysis, seems to be derived from the Xorist ransomware, detected and decrypted back in March.
Researchers say the ransomware is crude, since it doesn't work with a TOR-based payment site, asks users to contact the crooks via email, and needs manual installation.
Xdedic Rdp
TeamXRat hacks into servers via unprotected RDP services
To achieve a position from where they can install their malware, the crooks carry out brute-force attacks against Internet-exposed RDP servers found at Brazilian companies and state institutions.
RDP is a protocol often employed at larger companies to allow sysadmins to log in and manage remote workstations. Most of the times, they are exposed to the Internet, not only the company's Intranet, and sometimes use weak, easy-to-break passwords.
Kaspersky says it was alerted to the existence of this new ransomware variant after an unnamed Brazilian hospital has asked the company for help in unlocking their files.
Xpan ransomware can be decrypted
The ransomware, which is detected as Trojan-Ransom.Win32.Xpan, uses dual AES-256 CBC and RSA-2048 encryption to lock files, but Kaspersky said it identified weaknesses in its encryption that allowed its staff to create a decrypter. Victims who need this decrypter should contact Kaspersky via their support section.
The rest of Xpan's behavior is similar to most other ransomware variants. Xpan locks the user's files, changes his wallpaper, asks for 1 Bitcoin (~$600) ransom, and adds a registry key that opens a custom ransom note every time the user tries to open an encrypted file.
/undefined-reference-to-winmain-16-dev-c2b2b.html. Xpan victims can detect an infection based on the custom file extension the ransomware appends to all locked files: .____xratteamLucked.
Xdedic Rdp Patch
TeamXRat is not the first Brazilian-based crew to try its hand at ransomware. In the past, security firms have detected TorLocker and numerous ransomware families based on the Hidden Tear open source ransomware starter kit. The Brazilian malware scene is generally known for boleto spam and a flourishing banking trojan scene.
In June, when Kaspersky revealed the existence of xDedichttps://treeeazy765.weebly.com/blog/granny-download-free-for-mac. , a marketplace for selling compromised servers, Brazil was the country with the most hacked RDP servers.