Accordingly, administrators need to enter the IP address of their servers for a direct scan, estimated up to 5 minutes. After this time, if the tool cannot bruteforce the correct password, that server is safe against those potential attacks. However, when discovering the precise password, the tool will deliver a warning and the administrator should reset passwords for the corresponding servers while turning off the remote desktop service if not being used.
In case the remote desktop service needs running, it is advisable that network administrators limit the access right, configuring it for fixed known IP addressed.
Before releasing this free tool, Bkav Corporation had already warned the public about an intentional attack from foreign hackers to public servers in Vietnam. It is predicted that the bruteforce attack this time will scan through all servers that run Windows Operation System of organizations sited in Vietnam. When successful, those hackers will use remote desktop service to log in and then install ransomware onto victims’ computers.
It is said that the aim of this attack is only servers, not stations like usual. Bkav Corporation estimated that until February 14, the number of victims could come to hundreds and was still significantly increasing.