xDedic – Marketplace for Hacked RDP Credentials has been taken down, and a detailed guide for securing RDP against ransomware


The FBI has seized control of the website and servers of xDedic, a well-known online marketplace where cybercriminals could buy and sell access to compromised servers. Three people were also arrested in Ukraine. The website had been up and running since 2014, but it attracted broad attention with the publication of a Kaspersky report in June 2016.

According to the findings, the website served as a registration-based online marketplace where various criminal gangs would either sell or buy hacked servers, which were often in the form of compromised RDP (Remote Desktop Protocol) accounts.

The Ups and Downs of xDedic as a Criminal Marketplace

xDedic was founded in 2014. It was temporarily shut down in 2016 when Kaspersky issued a comprehensive report on its operations, but it returned shortly afterwards with a new paywall that demanded $50 to join, and the site was moved to the Tor network to boost anonymity. Even with this popular marketplace closed, other marketplaces, such as Magno, offer similar services. The trade in stolen credentials will most likely move to other channels, and the RDP attack vector will remain active.

Securing RDP is still crucial for ransomware defense

Although a substantial supply of hacked RDP credentials is no longer available, the effect on ransomware activity may be negligible. Businesses must maintain a multi-layered approach to safeguarding remote access. We recommend the following:

  • RDP access restriction: require a VPN connection before RDP can be reached, and change the default port number as well. Grant access only to a specific whitelist of IP ranges, and configure lockout provisions so that brute-force attempts result in account lockout or administrator notifications.
  • Two-factor authentication: enabling 2FA on remote sessions and on all remotely accessible accounts could prevent the vast majority of corporate ransomware outbreaks.
  • Least privilege: users who do not require access to critical internal services should not have it. Review your permissions to ensure that staff have only the access they need to do their job. Accounts with access to critical systems, including backups, should use two-factor authentication.
  • Disaster recovery: in case an organization's RDP endpoints are compromised, its BCDR plans must be documented and kept up to date. All critical data should be kept current in both on-site and off-site backup systems. IR firms should be kept on retainer so that, in the event of a breach, expenses and recovery time are minimized. If you want to buy secure RDP, you should absolutely go with buy-RDP, because it offers full support and 99% uptime with 3-tier server security, ensuring that your data is always safe with us.
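The access-restriction, lockout and least-privilege items above, as an added PowerShell audit script for a single Windows host (example code, not from the original article or from any product it mentions). The allowed range 10.10.0.0/24, the port 33890 and the firewall rule name are assumed placeholders; 2FA and backups are outside what a local script can configure.

```powershell
# Added example: report on (and with -Apply, fix) the RDP hardening points above.
# Run in an elevated PowerShell session. Values below are assumed placeholders.
param(
    [string[]]$AllowedRanges   = @('10.10.0.0/24'),  # assumed VPN / jump-host subnet
    [int]$RdpPort              = 33890,              # assumed non-default RDP port
    [int]$LockoutThreshold     = 5,                  # failed logons before lockout
    [switch]$Apply                                   # omit to audit only
)

$rdpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ruleName = 'RDP - allow-listed ranges only (hardening)'   # assumed rule name
$findings = @()

# 1. Default port: the listener port lives in the RDP-Tcp registry key.
#    A change takes effect only after the Remote Desktop service is restarted.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($port -eq 3389) {
    $findings += 'RDP listening on the default port 3389'
    if ($Apply) { Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $RdpPort }
}

# 2. IP whitelist: inbound RDP only from the allowed ranges; disable the
#    built-in any-source "Remote Desktop" rules so only the scoped rule applies.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    $findings += 'No firewall rule restricting RDP to the allowed ranges'
    if ($Apply) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $RdpPort -RemoteAddress $AllowedRanges -Action Allow | Out-Null
        Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
    }
}

# 3. Lockout: brute-force attempts must trip the local account lockout policy.
#    (Domain-joined hosts get this from Group Policy instead.)
$accounts = (net accounts) -join "`n"
if ($accounts -match 'Lockout threshold:\s+Never') {
    $findings += 'No account lockout threshold configured'
    if ($Apply) {
        net accounts /lockoutthreshold:$LockoutThreshold /lockoutduration:30 /lockoutwindow:30 | Out-Null
    }
}

# 4. Least privilege: list who may log on over RDP so the group can be reviewed.
$rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Select-Object -ExpandProperty Name

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
"Members of 'Remote Desktop Users': $($rdpUsers -join ', ')"
```

Run without -Apply first to see the findings; members of the local Administrators group can also connect over RDP, so review that group as well.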