The FBI has seized the site and servers of xDedic, a notorious online marketplace where cybercriminals bought and sold access to compromised servers. Three individuals were also arrested in Ukraine.
The website had been operational since 2014, but it gained widespread attention only after Kaspersky published a report on it in June 2016.
According to the research, the site functioned as a registration-based online marketplace where different criminal gangs would either sell or buy hacked servers, which were typically in the form of compromised RDP (Remote Desktop Protocol) accounts.
xDedic: A Significant Source of Hacked Credentials Leading to Ransomware Attacks
Hacked Remote Desktop Protocol (RDP) credentials obtained from sites such as xDedic have long been suspected of being a major entry point for ransomware attacks. Brute-forced RDP access accounted for nearly 85% of ransomware attacks in Q4. As a supplement to their own brute-force campaigns, ransomware distribution teams buy access to previously hacked servers; credentials were available from xDedic for as little as $5-10 each.
xDedic's Up and Down History as a Criminal Marketplace
xDedic began in 2014 but temporarily shut down in 2016 when Kaspersky published a full report on its operations. It reappeared shortly afterwards behind a new paywall that required members to pay $50 to join, and to improve anonymity the site was migrated to the Tor network. Although this popular marketplace is now closed, other marketplaces such as MagBo offer similar services. The trade in stolen credentials will most likely shift to other channels, and the RDP attack vector will remain active.
Securing RDP is still critical for defending against ransomware.
Although the takedown removes one large supply of stolen RDP credentials, its effect on the volume of ransomware attacks may be negligible. Businesses must continue to take a multi-layered approach to securing remote access. We suggest the following:
Limitation of RDP Access: Do not expose RDP directly to the internet; require a VPN connection first. The default port (3389) may also be changed, but that only reduces noise from automated scanners and is not a security control in itself. Restrict access to a specific whitelist of IP ranges, and configure account lockout so that brute-force attempts result in a lockout or an alert to administrators.
Two-factor authentication (2FA): Enabling 2FA on remote sessions and on all remotely accessible accounts could prevent the great majority of corporate ransomware outbreaks that start from a stolen or guessed RDP password.
Least Privilege: Users who do not need to administer critical internal services should not have access to them. Re-check your permissions and make sure employees have only the access they need to do their job. Accounts with access to key systems, including backups, should use 2FA.
Disaster Recovery: In case an RDP host is compromised, the company's business continuity and disaster recovery (BCDR) plans must be documented and kept up to date. All vital data should be backed up to both on-site and off-site systems. Keeping an incident response firm on retainer reduces cost and recovery time in the event of a breach.
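The following PowerShell script is an added example, not code from the original article, that applies the first three recommendations above (scoped RDP access with lockout, Network Level Authentication as the host-side prerequisite for any stronger authentication, and a least-privilege review of who may log on over RDP) to a single Windows host, then reports sources of repeated failed logons as the "admin alert". The VPN subnet 10.8.0.0/24, the group name CONTOSO\rdp-admins and the alert threshold of 10 failures are assumptions to replace with your own values; 2FA itself depends on your identity provider and is not configured here.

```powershell
# Added example: local hardening of an RDP host following the recommendations above.
# Not from the original article. Assumptions (change for your environment):
#   - the VPN hands out addresses in 10.8.0.0/24 (hypothetical subnet)
#   - RDP stays on its default port 3389; the firewall scope, not the port number, is the control
#   - CONTOSO\rdp-admins is a hypothetical group that should be the only RDP-capable principal
# Run in an elevated PowerShell on Windows 10 / Server 2016 or later.

$VpnSubnet = '10.8.0.0/24'
$RdpPort   = 3389
$AllowedRdpPrincipals = @('CONTOSO\rdp-admins')
$AlertThreshold = 10

# 1. Restrict RDP access: disable the broad built-in "Remote Desktop" rules and allow
#    inbound RDP only from the VPN subnet.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule

$ruleName = 'RDP inbound from VPN subnet only'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $RdpPort -RemoteAddress $VpnSubnet -Action Allow -Profile Domain,Private
}

# 2. Require Network Level Authentication so the client must authenticate before a
#    session (and its attack surface) is created.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1

# 3. Lockout provisions for local accounts: 5 failed attempts within 30 minutes lock the
#    account for 30 minutes. Domain-joined hosts get this from domain policy instead.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# 4. Least privilege: review who may log on over RDP and flag anyone who should not.
Get-LocalGroupMember -Group 'Remote Desktop Users' | ForEach-Object {
    if ($AllowedRdpPrincipals -notcontains $_.Name) {
        Write-Warning "Unexpected RDP-capable principal: $($_.Name)"
        # Remove-LocalGroupMember -Group 'Remote Desktop Users' -Member $_.Name   # uncomment to enforce
    }
}

# 5. Admin alert: report source addresses with many failed logons (Security event 4625)
#    in the last 24 hours; property index 19 of that event is the client IP address.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Properties[19].Value } |
    Group-Object |
    Where-Object { $_.Count -ge $AlertThreshold } |
    Sort-Object Count -Descending |
    ForEach-Object { Write-Warning "$($_.Count) failed logons from $($_.Name) since $since" }
```

The removal in step 4 is left commented out on purpose: run the script once in report mode, confirm the flagged principals, then enable enforcement. Step 5 only reports; wire its output into your alerting pipeline or a scheduled task so that a burst of 4625 events from one address reaches an administrator rather than sitting in the event log.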