XPan works by penetrating poorly protected remote desktop protocol (RDP) connections. Hackers use those connections to manually install the ransomware and encrypt files, according to a report by Kaspersky Lab’s Global Research and Analysis Team.
“XPan is a very targeted attack against servers with RDP connections exposed to the internet. The bad guys do a brute force attack, enter, and run the ransomware manually in most cases,” said Fabio Assolini, a Kaspersky Lab researcher.
Full Article
