Related blog contentHow to protect your RDP access from ransomware attacks
Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability
The IP address 220.127.116.11 was blocked by Malwarebytes as part of the range 18.104.22.168/32 because one or more systems at this IP have been compromised. Systems at this IP are used to scan your system.
This range of IP addresses have been found to be involved in RDP probes or attacks. This is a block of incoming traffic – meaning the IP address being blocked is scanning and/or attempting to force its way into your machine via different ports. These attacks can last anywhere from a few hours, days, to a week. IP ranges will be probed by the compromised systems followed by an attempt to brute force their way into machines in order to infect them with ransomware.
The most common method of accessing machines is via Windows Remote Desktop Protocol (RDP). We recommend you check to see if you have the Remote Desktop enabled and if so, disable it. For more information, see How to use Remote Desktop. If you need to use Remote Desktop, see our Malwarebytes Labs article How to protect your RDP access from ransomware attacks on how best to lock it down.
What you can do
Given that Malwarebytes is blocking the attackers, you do not need to worry and no further action is required. If the block alerts are interfering too much with your daily work, it may help if you add the IP address you see in our Alert to the Windows Firewall. To view the IP address in our alert:
Should users wish to visit a blocked IP Address and exclude it from being blocked, they can add it to the exclusions list. Here’s how to do it.
Select your language