PAVT ransomware attack – check your Remote Desktop access!

PAVT, distributors of EAW, ClearOne, and Symetrix among others, were hit this week by a ransomware attack on one of their servers. While this represented at worst an inconvenience for PAVT as they restored from a back-up, they have taken this opportunity to issue a PSA to warn others of the potential vulnerabilities in their systems.

The ransomware that infected PAVT is Phobos, which uses Remote Desktop in order to distribute itself. As Remote Desktop is commonly used for service and monitoring of installations, PAVT recommend you check your RDP security. A legally required email to PAVT’s database yesterday read:

“We would recommend, as with other threats, it is important to make sure your assets are secure to prevent such compromises. In this particular case, businesses should review any machines where Remote Desktop Protocol (RDP) access has been enabled and either disable it if it is not needed, or making sure the credentials are strong to prevent such things as brute-forcing.”