This is an incoming block, meaning the IP address you see us blocking is scanning and/or attempting to force its way into your machine via different ports. These attacks can last anywhere from a few hours or days to a week. The attackers probe IP ranges, then attempt to brute-force their way into machines in order to infect them with ransomware.
The most common method of accessing machines is via Windows Remote Desktop Protocol (RDP). We recommend you check whether you have Remote Desktop enabled and, if so, disable it. For more information, see How to use Remote Desktop.
If you need to use Remote Desktop, see our Malwarebytes Labs article How to protect your RDP access from ransomware attacks for how best to lock it down.
What you can do
- Given that Malwarebytes is blocking the attackers, you do not need to worry and no further action is required.
- If the block alerts are interfering too much with your daily work, it may help to add the IP address you see in our alert to the Windows Firewall.
To view the IP address in our alert:
- Open Malwarebytes for Windows > click the Detection History card.
- Click the History tab.
- Under the Event column, open the Real-Time Protection detection report.
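
The Remote Desktop check and the Windows Firewall step described above can also be done from an elevated PowerShell prompt. This is an added example, not Malwarebytes' own code; the function names, the rule name and the sample address 203.0.113.45 are assumptions for illustration.

```powershell
# Added example, not Malwarebytes code. Run from an elevated PowerShell prompt.
# $AlertIp is a constructed placeholder (RFC 5737 documentation range);
# replace it with the address shown in the Real-Time Protection detection report.
$AlertIp = '203.0.113.45'
$TsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Test-RemoteDesktopEnabled {
    # fDenyTSConnections = 0 means inbound Remote Desktop connections are allowed.
    $value = (Get-ItemProperty -Path $TsKey -Name 'fDenyTSConnections').fDenyTSConnections
    return ($value -eq 0)
}

function Disable-RemoteDesktop {
    # Refuse new Remote Desktop connections.
    Set-ItemProperty -Path $TsKey -Name 'fDenyTSConnections' -Value 1
    # Turn off the built-in firewall rules that allow inbound RDP.
    # The group name is localized; 'Remote Desktop' is the English name.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Add-InboundBlock {
    param([Parameter(Mandatory)][string]$IpAddress)
    # Reject anything that is not a well-formed IPv4/IPv6 address.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($IpAddress, [ref]$parsed)) {
        throw "Not a valid IP address: $IpAddress"
    }
    $name = "Block inbound $IpAddress (from Malwarebytes alert)"
    # Do not create a duplicate if the rule is already present.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already exists: $name"
        return
    }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -RemoteAddress $IpAddress -Profile Any | Out-Null
    Write-Output "Added rule: $name"
}

if (Test-RemoteDesktopEnabled) {
    Write-Output 'Remote Desktop is ENABLED. If you do not need it, run: Disable-RemoteDesktop'
} else {
    Write-Output 'Remote Desktop is disabled.'
}
Add-InboundBlock -IpAddress $AlertIp
```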