RDS-Knight is a cyber security add-on developed by TSplus to protect Remote Desktop servers all around the world, so adding protection against ransomware was paramount. The first step in implementing ransomware protection is to study the enemy. Thomas Montalcino is the talented developer who has been in charge of this ambitious project. The development took place in two phases, beginning with long and stressful weeks of research and tests from July 2018.
How to Fight Ransomware on Remote Desktop
Although ransomware is the worst kind of malware on the Internet, Thomas said that
“It was surprisingly easy to find various ransomware samples, always released for research or educational purpose.”
However, the rest of the process was not that relaxing. Interviewed on the occasion of the RDS-Knight 3.2 release, Thomas shared his experience. The strategy consisted of downloading different strains of ransomware and running them on virtual machines to understand their behavior. From the famous WannaCry, TeslaCrypt and NotPetya to the creation of his own ransomware test, Thomas took high risks to be able to provide the best protection for RDS servers, destroying hundreds of VMs in the process:
“Needless to say, I took a high-adrenalin ride each time I tested a different ransomware, the outcomes remaining quite uncertain. During this study phase, we learnt that each ransomware uses its own mechanisms to find and encrypt valuable files.”
As an example, TeslaCrypt focuses on saved game files, which are indeed the most valuable data for a lot of people!
Therefore, the development team decided to implement pure behavioral detection techniques that do not rely on malware signatures, allowing the protection to catch ransomware that does not exist yet. In practice, RDS-Knight strategically places bait files in key folders where ransomware usually begins its attack. The files are created to be scalable: randomly named, they automatically refresh to stay up-to-date and efficiently fool any ransomware.
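The bait-file idea described above can be sketched as follows. This is an added example, not RDS-Knight's code: the function names, the extension list and the polling approach are assumptions made for illustration.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

# Assumed extensions: document types ransomware commonly targets (not from the page).
BAIT_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".jpg")

def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_baits(folders, per_folder=2):
    """Create randomly named bait files and return a {path: sha256} baseline."""
    baseline = {}
    for folder in folders:
        for _ in range(per_folder):
            name = secrets.token_hex(6) + secrets.choice(BAIT_EXTENSIONS)
            path = Path(folder) / name
            path.write_bytes(secrets.token_bytes(4096))  # constructed filler content
            baseline[path] = _digest(path)
    return baseline

def check_baits(baseline):
    """Return (path, reason) for every bait that no legitimate user should have touched."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))   # deleted, or renamed with a new extension
        elif _digest(path) != digest:
            alerts.append((path, "modified"))  # content overwritten, e.g. encrypted in place
    return alerts

def refresh_baits(baseline, per_folder=2):
    """Rotate baits: remove the old set and plant new random names in the same folders."""
    folders = sorted({path.parent for path in baseline})
    for path in baseline:
        path.unlink(missing_ok=True)
    return plant_baits(folders, per_folder)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as key_folder:  # stands in for a user's Documents
        baits = plant_baits([key_folder])
        first, second = list(baits)
        first.write_bytes(b"\x00" * 4096)                      # simulated overwrite
        second.rename(second.with_name(second.name + ".enc"))  # simulated rename
        for path, reason in check_baits(baits):
            print(f"ALERT {reason}: {path.name}")
        baits = refresh_baits(baits)
        print("rotated baits:", [p.name for p in baits])
```

A production monitor would react to file-system change notifications rather than polling, and would tie each alert to the writing process so that it can be suspended.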
The most intensive part was yet to begin. Thomas explains where the difficulty lay:
“A race began between the different strains of ransomware collected and the protection still under development. We pushed the protection as far as possible to overrun the ransomware and immediately suspend its activity. Servers perform so well nowadays that it becomes a real disadvantage when such processing power is harnessed by a malicious software. A lot of virtual machines were harmed during this process, but we overcame this obstacle.”
RDS-Knight is able to detect ransomware attacks at an early stage and to stop the data encryption before any dramatic damage is done.
With such properties, there is no doubt that RDS-Knight Ransomware Protection is the right weapon to protect business data against these serious and always evolving threats.
Not to mention the great enhancements included in the newest RDS-Knight 3.2 release:
- VNC support is now included for Homeland Access Protection and Brute-Force Attacks Defender. Because security is a concern for all Network Admins, RDS-Knight extends its amazing features to TSplus-like protocols. The support is available for the most used VNC software.
- The time-zone can now be selected to apply Working Hours Restriction rules differently depending on the employee’s office location.
- The overall performance is highly enhanced to deliver more security and reliability. With your consent, RDS-Knight will be collecting and sending anonymous data in order to support the next evolutions of the product!
RDS-Knight is a must-have security add-on to use with TSplus in order to protect your RDS server(s).