Security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces. Darknet markets sell Harvested RDP Credentials for as little as $3 each. Ransomware, Crysis and Bitpaymer have used RDP to spread strains of crypto-locking ransomware. Security experts recommend that organizations always secure RDP using strong and complex passwords to block brute-force attacks, monitor for unusual network behavior and regularly audit ports to ensure that there are no open and unsecured RDP or SSH ports.”]
Source: https://www.cuinfosecurity.com/hackers-exploit-weak-remote-desktop-protocol-credentials-a-10433