CyberSecutiy Post - CryptON Ransomware Installed through RDP
Currently the ransomware strain known as CryptON ransomware is being conducted on computers using the Remote Desktop Protocol. With this, what happens is that attackers will find computers running this protocol, and then the attackers will hack into the machine. Once they are in the machine, they will then proceed to manually install the ransomware onto the compromised machine.
On multiple forums where questions about this ransomware started to arise it seems that main surge of this ransomware happened during the month of May. The main forums in general for this reference is the Bleeping Computer Forums but also the ID-Ransomware Forums.
For every encrypted file that this encrypts, it also adds to the end of the file the extension of, [email protected]
In the support document for how to decrypt your information, it mentions the ransomware site for you to contact their support in the decrypting of the information.
As of right now, there is no active program out there that can decrypt the information for free.
It is also worth mentioning that RDP is a very common way for attackers to get inside systems, so if you are running it, the best advice is to not run it, or to hide your RDP behind a VPN.
If you wish to know more information, just leave a comment and I will answer it as soon as possible.