The Windows Remote Assistance tool that ships with all Windows distributions can be can be abused for clever hacks in targeted attacks.
Today a reader sent me info regarding the LockCrypt Ransomware still being actively distributed over hacked remote desktop services. This variant, when installed, will encrypt a victim's files and then append the .1btc extension to encrypted file names.
Today we are going to take a quick look at a new ransomware called RSAUtil that was discovered by Emsisoft malware researcher xXToffeeXx. RSAUtil is distributed by the developer hacking into remote desktop services and uploading a package of files.