,,,,what phone system?
The only one I could think that could be badly affected by this is 3CX. Unless they are using soft-phones on Windows PC's.
The ransomware that infected computers at the UK National Health Service's Lanarkshire outpost, causing an outage that lasted most of last weekend, has been tagged as a ransomware that demanded 53 Bitcoin for files to be decrypted. There's no evidence that the NHS district paid up, which isn't surprising because at current …
Lync/Skype for Business perhaps?
There are also a variety of Windows SIP servers that could probably be used with generic SIP handsets.
It could also be that this was a Hyper-V or other Windows based virtualisation host that was hit, and the phone system that was hit was in a VM which opens up a whole host of other possibilities as well.
Speaking from a position of ignorance, isn't the whole point of RDP that you are remote?
I assume that Citrix clients have a similar distributed architecture so Citrix endpoints would also be visible.
Does this mean that RDP should only be used from within a VPN?
Oh, and by Microsoft Helpdesk scammers, of course.
Yes, you should use a VPN or similar service to tunnel the connection.
Opening RDP, Citrix etc. directly is a bad idea in general. The RDP is certainly only really designed for internal access (remote administration or terminal services), it isn't very robust, when it comes to being put on the Internet - plus your security is only username and password, adding a security layer around it is always a sensible idea.
After translation of the page it doesn't say that this attack was performed via RDP more that this is a common vector (And from experience I've seen more than a few of these attacks via RDP). The article does mention other vectors - such as email attacks etc.
Saying that if RDP is open directly to the internet it is simply a matter of time.
Either VPN or at least setting up terminal services gateway services so the connection is over https and far harder to brute force.
RDP open to the internet is simply a disaster waiting to happen, you may as well stick the server out on the street with a sign saying "free" on it.