So, I use my personal workstation at home as the gateway for remote Windows RDP into my home network. A month ago, it got hit by Sodinokibi Ransomware and all of my files got locked up. For some reason, I was only running the default Windows security software.
The one thing that slightly unnerved me was that I had some desktop shortcuts to my server and some of the files in those folders also got locked up. Nothing else on the system or network appeared or appears to have been affected.
No biggie. I have backup, I just moved the locked files to an external HDD, formatted the system and reinstalled. This time, I installed Norton Internet Security on it.
Now, every few days I will get Norton Alerts that it is blocking an RDP Brute Force Attack. It'll just pound it over and over and over again. Last time, I just reset the router and the modem (resetting my public IP address). Then I added the IP address to Norton's restricted list. I got another one today. I just restarted the system and again added the IP address to Norton's restricted list.
Question #1 - Am I overreacting and this is no big deal? Norton will keep it blocked?
Question #2 - Was I thorough in dealing with it the first time around? Did I miss something that is causing the attacks?
Question #3 - What about my setup can be tweaked to create additional security? Should I set up a cheap Windows box that does nothing except act as a Gateway and then just RDP from there to the different devices in my system?
I know some of this is pretty simple stuff and I will probably smack myself in the head and say "duh", but any guidance, even if it is "Hey dummy, why are you doing this instead of this", is greatly appreciated.