Microsoft in a statement denied rumors that hackers are using an exploit for the BlueKeep problem to distribute the DoppelPaymer ransomware, and also reported that attackers do not use Microsoft Teams to host encryptors in company networks.
These rumors began to spread on the Internet in early November, after several Spanish companies became victims of the DoppelPaymer ransomware.
Now Microsoft representatives have said that they are investigating recent attacks by the ransomware and can already say that the information that the attackers allegedly exploit Microsoft Teams and the BlueKeep RDP problem is not true.
Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims”, — officially state Mary Jensen and Dan West, Senior Security Program Managers, MSRC.
According to experts, the distribution of malware is carried out by remote human operators, who use the credentials of a domain administrator to spread infection over a network of enterprises.
It is rather strange that these rumors were taken seriously by a number of media in principle, because it has long been known that the DoppelPaymer ransomware is a variation of the BitPaymer ransomware, which has always been distributed using the Dridex and Emotet botnets. Since botnet operators often sell access to company intranets to other attackers, they extract credentials and distribute DoppelPaymer to as many systems as possible.
Read also: Microsoft has fixed two new vulnerabilities that are similar to BlueKeep
In addition, the only officially recorded use of the BlueKeep vulnerability for today are attempts to spread the cryptocurrency miner, which, moreover, have not been very successful. Specialists have not yet recorded any other attacks using the exploits for BlueKeep at all.
Moreover, as information security experts have repeatedly explained, most of the malicious RDP traffic is regular brute force, unrelated to BlueKeep.
Prevention Tips From Microsoft: How can you avoid and bounce from a ransomware attack?
- Keep your Windows Operating System and antivirus up-to-date. Upgrade to Windows 10.
- Regularly back-up your files in an external hard-drive.
- Enable file history or system protection. In your Windows 10 or Windows 8.1 devices, you must have your file history enabled and you have to setup a drive for file history.
- Use OneDrive for Consumer or for Business.
- Beware of phishing emails, spams, and clicking malicious attachment.
- Disable the loading of macros in your Office programs.
- Disable your Remote Desktop feature whenever possible.
- Use two factor authentication.
- Use a safe and password-protected internet connection.
- Avoid browsing web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.).
