lochesistemas

plain RDP is extemely insecure. SSL is,secure. Therefore, using RDP over SSL is secure! And add MFA in the middle!

no.. it's not port forwarding nor dmz..  it's just a website using ssl where you have to log on (and add MFA). Once you are logged in, you can open applications such as MS Word or any app installed in Windows Server. RDP is never opened. Only port 443 pointing to an IIS Server is opened like a regular website

21 hours ago, Demonslay335 said:

To second @GT500, have you heard of a little something called CVE-2019-0708? It's literally an exploit that doesn't require even logging in, completely bypassing MFA... it's not the first such exploit recently, nor will it likely be the last. Good that you have MFA, but seriously put it behind VPN.

rdp over ssl is secure as vpn or ssh. Port 443 is opened only! https://www.itpromentor.com/secure-rds/

7 hours ago, GT500 said:

I hope you mean SSH.

no. rdp over ssl.. using https with MFA, you can get access in a secure way to the remote server. and it's easier for users also!

This was a brand new customer where previous technicians never mentioned about rdp exploits and I warned them last week.. they had been using it for the last 4 years.... oh the irony..  They are now using rdp over ssl

so you are the guy that created the ransomware.. alright.. did you get the access via rdp? can you login now?

that is the email address for paying the ransom. we are rebuilding the machine anyway because we have all backed up. I'm here to contribute for not paying you nor anyone else.

so, where's the decryptor?

forgot to enable replies. please help!

Hi. I have a customer that got just infected with hta note. Tried the 2.0 but hta is not supported so I suspect the decrypter wont work.

_ReadMe.txt.[ID-3529887933][[email protected]].JSWORM manual.dat.[ID-3529887933][[email protected]].JSWORM JSWORM-DECRYPT.hta