Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Threat Actors Target Exposed Remote Desktop Protocol To Deploy Ransomware

December 8, 2022

Threat actors were discovered targeting open Remote Desktop Protocol (RDP) ports with variants from a range of ransomware families including Redeemer, NYX, Vohu, Amelia, BlackHunt, and MedusaLocker. Online scanners were used to discover devices while stolen credentials or vulnerabilities were used as the initial access vector. In some instances, adversaries were discovered exploiting the Microsoft Windows RDP BlueKeep vulnerability (CVE-2019-0708) to gain entry.

Featured Resources

View More Resources
Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 
blog

Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 

After years of battling ransomware and financially motivated threats, security teams must now increase their focus to defend against digital destruction. Iranian-backed Handala Hack highlighted the growing threat with its claimed attacks against a U.S.-based medical equipment maker, with reports of widespread deletion of data

Read More
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 
blog

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 

CVE-2026-26117 lets attackers hijack Azure Arc on Windows, escalate to SYSTEM, and seize the machine’s cloud identity.

Read More
Exposure Validation Demo
Demo

Exposure Validation Demo

Demo of automated offensive simulations validating detection, prevention, and IOC coverage

Learn More