Once an attacker has the user ID and password of a victim, it’s a simple matter to log in and do what they wish inside the system. More importantly, it can also be quite effective.Ĭybersecurity analysts estimate that over 80% of attacks are launched using stolen credentials. Although this sounds like an old-fashioned scam, it can be quite sophisticated. Social Engineering is the term used by hackers to refer to tricking a human into giving them access, usually by handing over log-in credentials. This article will go through some of the general tools and approaches used to gain access. However, sophisticated hackers develop diverse skills and associated tools to be able to attack a wide variety of targets. For example, a hacker unskilled in attacking websites would simply move on to another target if a website is the only access. The method chosen often reflects more on the skills of the hacker than the weaknesses of the target. Once scanning is complete, hackers use a variety of ways to gain unauthorized access to a computer or system. You will probably need to do further research to find out if it's possible, or get help from a security expert.Ĭlosing port 3389, which is used by the Microsoft Remote Desktop protocol, isn't necessary to avoid ransomware, as ransomware doesn't get into your computer through RDP.Editor's note: This excerpt has been derived from Leonard Chin's white paper, "5 Phases Every Hacker Must Follow," which has been reprinted with permission. For example, I found these helpful articles:ĭepending on the type of ransomware that has infected your servers, you may or may not be able to remove it yourself.
If you search on Google, you can find lots of articles on security or tech websites that discuss ransomware and how to prevent it or remove it. (There are other methods used too, but this is a common method: tricking the computer user into downloading an infected file, or visiting an infected website).
Then you are instructed to download a file, which contains the ransomware virus, and that's how it gets onto your computer. your bank or ISP or IT Department, etc), or perhaps a fake website that is made to look like a legitimate website. For example, a fake email that is made to look like a legitimate email from someone you trust (eg. Hi usually gets onto a computer in the same way as many other viruses: through phishing attacks. If someone else tries to connect to that computer - even if they know the computer's ID and password - they won't be able to, as the whitelist will block them. That means only you - signed in with your TeamViewer account - will be able to connect to the remote computer that is using this whitelist. Then you can, for example, set "Allow access only for the following partners", and add your own TeamViewer account to the list below. This setting can be found by going into the Options, then to the Security page, and clicking the "Black and whitelist" Configure button. not used anywhere else.Īs an additional security measure, you can enable the whitelist feature in TeamViewer's options on all of the computers that you need to connect to. It's therefore important to make sure that the TeamViewer password is kept safe and secure, and furthermore that the password is unique - ie. In any case, it's not possible for someone to connect to a computer with TeamViewer unless they know both the ID and the password of that computer.
What indication do you have, that the hacker actually used TeamViewer to install the ransomware onto the other computer? It's possible they gained access to the computer using some other method.