RDS-Knight is a cyber security tool developed by RDS-Tools to protect Remote Desktop servers all around the world.
It was therefore paramount to add ransomware protection to it. The first step in implementing ransomware protection is to study the enemy.
Thomas Montalcino is the talented developer who has been in charge of this ambitious project. The development took place in two phases, beginning in July 2018 with long and stressful weeks of research and tests.
How to Fight Ransomware on RDS Servers
Despite the fact that ransomware is the worst kind of malware existing on the Internet, Thomas said that "It was surprisingly easy to find various ransomware samples, always released for research or educational purposes."
However, the rest of the process was not that relaxing. Interviewed on the occasion of the RDS-Knight 3.2 release, Thomas shared his experience. The strategy consisted of downloading different strains of ransomware and running them on virtual machines to understand their behavior. From the famous WannaCry, TeslaCrypt and NotPetya to the creation of his own test ransomware, Thomas took high risks to be able to provide the best protection for RDS servers, destroying hundreds of VMs in the process:
Needless to say, I took a high-adrenaline ride each time I tested a different ransomware, the outcomes remaining quite uncertain. During this study phase, we learnt that each ransomware uses its own mechanisms to find and encrypt valuable files.
As an example, TeslaCrypt focuses on saved game files, which is indeed the most valuable data for a lot of people!
Therefore, the development team decided to implement purely behavioral detection techniques that do not rely on malware signatures, allowing the protection to catch ransomware that does not exist yet. In practice, RDS-Knight strategically places bait files in key folders where ransomware usually begins its attack. The files are created to be scalable: randomly named, they automatically refresh to stay up to date and efficiently fool any ransomware.
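The bait-file idea described above, as an added example that is not RDS-Knight's code: it polls content hashes to spot baits that were rewritten, deleted or renamed, while the page does not say how RDS-Knight itself watches its baits or suspends the offending process. Folder names, extensions and function names are assumptions.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

EXTENSIONS = (".docx", ".xlsx", ".pdf")  # assumed document types for the baits

def deploy_baits(folders, per_folder=2):
    """Create randomly named bait files; return {path: sha256 of content}."""
    manifest = {}
    for folder in folders:
        for _ in range(per_folder):
            path = Path(folder) / (secrets.token_hex(6) + secrets.choice(EXTENSIONS))
            data = secrets.token_bytes(2048)  # constructed filler content
            path.write_bytes(data)
            manifest[str(path)] = hashlib.sha256(data).hexdigest()
    return manifest

def check_baits(manifest):
    """Return sorted (path, reason) pairs for baits that are gone or altered."""
    alerts = []
    for path, digest in manifest.items():
        p = Path(path)
        if not p.is_file():
            alerts.append((path, "missing"))   # deleted or renamed
        elif hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            alerts.append((path, "modified"))  # rewritten in place
    return sorted(alerts)

def refresh_baits(manifest, per_folder=2):
    """Remove the current baits and deploy new names in the same folders."""
    folders = sorted({str(Path(p).parent) for p in manifest})
    for path in manifest:
        Path(path).unlink(missing_ok=True)
    return deploy_baits(folders, per_folder)

def demo():
    """Constructed scenario: one bait overwritten, one renamed with a new suffix."""
    with tempfile.TemporaryDirectory() as root:
        folders = [Path(root) / "Documents", Path(root) / "Desktop"]
        for folder in folders:
            folder.mkdir()
        manifest = refresh_baits(deploy_baits(folders))
        clean = check_baits(manifest)
        first, second = sorted(manifest)[:2]
        Path(first).write_bytes(b"\x00" * 2048)   # in-place rewrite of a bait
        Path(second).rename(second + ".locked")   # bait renamed away
        return clean, first, second, check_baits(manifest)

if __name__ == "__main__":
    print(demo())
```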
The most intensive part was yet to begin. Thomas explains where the difficulty lay:
"A race began between the different strains of ransomware collected and the protection still under development. We pushed the protection as far as possible to overrun the ransomware and immediately suspend its activity. Servers perform so well nowadays that it becomes a real disadvantage when such processing power is harnessed by a malicious software. A lot of virtual machines were harmed during this process, but we overcame this obstacle."
RDS-Knight is able to detect ransomware attacks at an early stage and to stop the data encryption before any dramatic damage is done.
With such properties, there is no doubt that RDS-Knight Ransomware Protection is the right weapon to protect business data against these serious and always evolving threats.
Not to mention the great enhancements included in the newest RDS-Knight 3.2 release:
- VNC support is now included for Homeland Access Protection and Brute-Force Attacks Defender. Because security is a concern for all Network Admins, RDS-Knight extends its amazing features to RDP-like protocols. The support is available for the most used VNC software.
- The time-zone can now be selected to apply Working Hours Restriction rules differently depending on the employee's office location.
- The overall performance is highly enhanced to deliver more security and reliability. With your consent, RDS-Knight will be collecting and sending anonymous data in order to support the next evolutions of the product!
RDS-Knight is a must-have security package that all businesses need to protect their RDS server(s).
The RDS-Tools team plans many great innovations for the upcoming releases, such as the possibility to save a healthy version of the infected files during a ransomware attack, in order to easily restore them after cleaning the system. To stay in touch with the upcoming news, subscribe to the RDS-Tools monthly Newsletter.