Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they’ve also become a common distribution method for file-encrypting ransomware.