Rdptest Ransomware
Analysis shows that Rdptest is ransomware belonging to the Phobos family. Once it has infiltrated a victim's system, Rdptest encrypts their files and renames them, then presents two ransom notes, 'info.hta' and 'info.txt'. It appends a victim-specific identifier (ID), the email address 'rdpstresstest@proton.me', and the '.rdptest' extension to each filename. For example, '1.jpg' becomes '1.jpg.id[1E857D00-3559].[Rdpstresstest@proton.me].rdptest' and '2.png' becomes '2.png.id[1E857D00-3559].[Rdpstresstest@proton.me].rdptest'. The ID is unique to each victim, which is why the sample note quoted later on this page carries a different one.
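The renaming scheme just described can be parsed mechanically, which is useful during triage of an affected share (how many files, which victim ID, where the notes are). The following is an added example written for this page, not code from the original article or from any analysis of the malware. The contact address and the '.rdptest' extension come from the page; the assumed shape of the ID (8 hex digits, a dash, 4 decimal digits) is generalised from the two IDs shown on the page, and the directory listing at the bottom is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Filename layout described above:
#   <original name>.id[<victim ID>].[<contact e-mail>].rdptest
# The e-mail and the '.rdptest' extension come from the page. The ID shape
# (8 hex digits, a dash, 4 decimal digits) is an assumption generalised from
# the two IDs shown on the page.
RDPTEST_NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9]{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>rdptest)$",
    re.IGNORECASE,
)

# Ransom note filenames named on the page.
RANSOM_NOTE_NAMES = {"info.hta", "info.txt"}


@dataclass(frozen=True)
class EncryptedName:
    original: str    # filename before the marker was appended
    victim_id: str   # per-victim ID the note asks to put in the e-mail subject
    email: str       # attacker contact address embedded in the name
    ext: str         # appended extension ('rdptest')


def parse_rdptest_name(name: str) -> Optional[EncryptedName]:
    """Return the parsed marker, or None if the name is not Rdptest-style."""
    m = RDPTEST_NAME_RE.match(name)
    if not m:
        return None
    return EncryptedName(m["original"], m["victim_id"].upper(),
                         m["email"], m["ext"].lower())


def triage(names: Iterable[str]) -> Dict[str, object]:
    """Inventory a directory listing: encrypted files grouped by victim ID,
    ransom notes found, and everything else (untouched or skipped files)."""
    by_id: Dict[str, List[str]] = {}
    notes: List[str] = []
    other: List[str] = []
    for name in names:
        parsed = parse_rdptest_name(name)
        if parsed:
            by_id.setdefault(parsed.victim_id, []).append(parsed.original)
        elif name.lower() in RANSOM_NOTE_NAMES:
            notes.append(name)
        else:
            other.append(name)
    return {"encrypted": by_id, "notes": notes, "other": other}


if __name__ == "__main__":
    # Constructed listing, modelled on the examples in the text.
    listing = [
        "1.jpg.id[1E857D00-3559].[Rdpstresstest@proton.me].rdptest",
        "2.png.id[1E857D00-3559].[Rdpstresstest@proton.me].rdptest",
        "info.hta", "info.txt", "desktop.ini",
    ]
    print(triage(listing))
```

Recovering the original filename from the marker only restores the name, not the contents: the file body stays encrypted, so the inventory is for scoping the incident and for checking backups, not for recovery.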
The Rdptest Ransomware can Cause Significant Damage
The Rdptest Ransomware's ransom note communicates to victims that all of their data has been encrypted due to a security issue on their computer. To initiate the file restoration process, victims are instructed to contact the attackers via email at rdpstresstest@proton.me, including a specific ID in the message title. An alternative email address (rdpstresstest@keemail.me) is provided in case there is no response within a 24-hour period.
The ransom is demanded in Bitcoin, and the amount depends on how promptly the victim contacts the attackers. As a "guarantee", the note offers free decryption of up to 5 files (total size under 4 MB). It also warns victims not to rename encrypted files or to try third-party decryption tools, claiming that doing so risks permanent data loss or falling victim to a scam.
Rdptest takes several steps to weaken the system's defenses and hinder recovery. It disables the Windows firewall and deletes the Shadow Volume Copies, removing the most common local means of restoring files. Initial access does not rely on a software vulnerability in Remote Desktop Protocol (RDP) services: the operators gain entry by brute-forcing or dictionary-attacking RDP logins, which succeeds against accounts with weak or reused passwords, particularly on hosts whose RDP port is reachable from the Internet.
The malware establishes persistence on the compromised system, so it survives reboots and can continue encrypting files; it also collects location data. Rdptest excludes a predefined set of locations from encryption, which keeps the system running so that the ransom notes can be displayed and the attack can run to completion. This combination of initial access, defense evasion and recovery sabotage is what makes the Rdptest Ransomware a serious threat.
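The behaviour described in the two paragraphs above (a burst of failed RDP logons, a successful logon from the same source, then shadow-copy deletion and firewall shutdown) is also what a defender can detect. The following is an added example written for this page, not code from the original article or from any analysis of the malware: a Python script that runs the three checks over constructed, simplified Windows Security-log events. Event IDs 4625 (failed logon), 4624 (successful logon) and 4688 (process creation) are the standard Windows IDs; the line format, IP addresses, timestamps and the command-line patterns (vssadmin, wmic, bcdedit, netsh) are assumptions for illustration, since the page does not list the exact commands Rdptest runs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed events in a simplified "timestamp event_id key=value ..." form
# (not real Security-log output). Real 4625 events carry IpAddress,
# TargetUserName and LogonType (10 or 3 for RDP); here src and user suffice.
FAILED_BURST = [
    f"2024-01-10T03:10:{sec:02d} 4625 src=203.0.113.7 user=administrator"
    for sec in range(0, 60, 5)  # twelve failures inside one minute
]
SAMPLE_LOG = "\n".join(FAILED_BURST + [
    "2024-01-10T03:11:30 4625 src=198.51.100.5 user=backup",
    "2024-01-10T03:12:45 4625 src=198.51.100.5 user=backup",
    "2024-01-10T03:13:10 4624 src=203.0.113.7 user=administrator",
    "2024-01-10T03:13:40 4688 user=administrator cmd=vssadmin delete shadows /all /quiet",
    "2024-01-10T03:13:41 4688 user=administrator cmd=netsh advfirewall set currentprofile state off",
    "2024-01-10T03:13:42 4688 user=administrator cmd=notepad.exe info.txt",
])

# Command lines that remove local recovery options or drop the firewall.
# Assumed patterns; the page says Rdptest does this but not which commands it uses.
RECOVERY_TAMPERING = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I),
    re.compile(r"netsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I),
    re.compile(r"netsh(\.exe)?\s+firewall\s+set\s+opmode\s+mode=disable", re.I),
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<eid>\d+)\s+(?P<rest>.*)$")


def parse_event(line: str) -> Optional[dict]:
    """Parse one constructed log line into a dict; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    ev = {"ts": datetime.fromisoformat(m["ts"]), "eid": int(m["eid"])}
    for key in ("src", "user"):
        km = re.search(rf"\b{key}=(\S+)", rest)
        if km:
            ev[key] = km.group(1)
    cm = re.search(r"\bcmd=(.*)$", rest)   # command line may contain spaces
    if cm:
        ev["cmd"] = cm.group(1).strip()
    return ev


Finding = Tuple[str, str, str]  # (kind, subject, detail)


def detect(log_text: str, threshold: int = 10,
           window: timedelta = timedelta(minutes=5)) -> List[Finding]:
    """Flag (1) a source IP with >= threshold failed logons inside `window`,
    (2) a later successful logon from a source already flagged, and
    (3) process creations whose command line matches RECOVERY_TAMPERING."""
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    findings: List[Finding] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: set = set()
    for ev in events:
        eid, src = ev["eid"], ev.get("src", "")
        if eid == 4625 and src:
            q = recent[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("rdp_bruteforce", src, ev.get("user", "")))
        elif eid == 4624 and src in flagged:
            findings.append(("bruteforce_success", src, ev.get("user", "")))
        elif eid == 4688 and "cmd" in ev:
            if any(p.search(ev["cmd"]) for p in RECOVERY_TAMPERING):
                findings.append(("recovery_tampering", ev.get("user", ""), ev["cmd"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in detect(SAMPLE_LOG):
        print(f"{kind:20} {subject:16} {detail}")
```

The two low-volume failures from 198.51.100.5 stay below the threshold and produce nothing, while the burst from 203.0.113.7 followed by a 4624 from the same address is the sequence worth paging on; the shadow-copy and firewall commands are flagged on their own, since by the time they run the attacker already has a session.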
Take Actions to Protect Your Devices from Malware and Ransomware Threats
Users should make sure to protect all of their devices against malware and ransomware threats. Although it is impossible to eliminate these risks entirely, several easy-to-implement measures will drastically reduce the chances of malware infections:
- Install and Update Anti-malware Software: Ensure that reputable anti-malware software is installed on your device. Regularly update the security software to ensure it has the latest security definitions and security patches. Schedule automatic scans to check for and remove any potential threats.
- Keep Operating Systems and Software Updated: Regularly update your device's operating system and all installed software. Set up automatic updates whenever possible to ensure that you receive the latest security patches. Many malware attacks target vulnerabilities in outdated software, and staying up-to-date can significantly reduce the risk.
- Exercise Caution When Handling Emails and Downloads: Be wary of unsolicited emails, especially those carrying attachments or links. Do not open attachments or click links from unknown or suspicious sources. Download software and files only from reputable, official sources, and avoid cracked software or files from untrustworthy websites, as they may carry malicious code.
- Use Strong, Unique Passwords and Enable Two-Factor Authentication: Create a unique password for every account, using a mix of upper- and lowercase letters, numbers, and symbols. This matters most for accounts that can log in over RDP, since weak or reused passwords are exactly what the brute-force and dictionary attacks behind Rdptest infections succeed against. Enable Two-Factor Authentication (2FA) wherever possible; it adds a further layer of security by demanding a second form of verification, such as a code sent to your mobile device.
- Back Up Important Data Regularly: Regularly back up your important data to an external hard drive or a secure cloud service. In the event of a ransomware attack, up-to-date backups make it possible to restore your files without giving in to ransom demands. Disconnect the backup device or service from your computer when not in use so it cannot be encrypted along with everything else, and do not rely on Shadow Volume Copies as a backup, since Rdptest deletes them.
By implementing these proactive measures, users can significantly reduce the risk of malware and ransomware threats and boost the overall security of their devices.
The main ransom note shown by the Rdptest Ransomware is:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Rdpstresstest@proton.me
Write this ID in the title of your message 1E857D00-3449
In case of no answer in 24 hours write us to this e-mail:rdpstresstest@keemail.me
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The text file dropped by Rdptest Ransomware contains the following message:
'!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: Rdpstresstest@proton.me.
If we don't answer in 24h., send e-mail to this address: rdpstresstest@keemail.me'