RDP is a legitimate tool that enables IT departments to remotely manage Windows systems. But poorly secured RDP can give attackers easy entry into enterprise networks. Ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. Many affiliates of the now-defunct GandCrab ransomware-as-a-service offering relied on RDP to place the ransomware onto targets’ systems, sharing a cut of every ransom paid with the Gandcrab gang. McAfee says that its global network of honeypots has captured evidence of attacks being waged by three Sodinokibi affiliates.”]
Source: https://www.cuinfosecurity.com/ransomware-gangs-not-so-secret-attack-vector-rdp-exploits-a-13342