Recent ransomware is latest and serious threat for windows server and remote desktop users. If you let your windows RDP as it is without taking any step to secure it then you may be next victim for those ransomware. Hacker always use robot to scan port and password, it is not possible for a human to manually check millions of computers port so they use robot script and firstly scan default port, so if you just change your default RDP port 3389 to something else then you haven taken a strong step to prevent them!
How to do that? It is very easy to change your RDP port as follows.
Press Windows logo + R now type or copy paste regedit.exe, when a window open find in left column HKEY_LOCAL_MACHINE> System> CurrentControlSet> Control> TerminalServer> WinStations> RDP-Tcp> PortNumber
Now double click on PortNumber registry subkey, then select decimal base and type port number you want to set. Always use port number above 4000 to max 65350, if you set below 4000 number then there could be a confilct if that port used by another application or windows, now save it by clicking ‘ok’.
You have do one more step before use new port, you have to enable this port in windows firewall. To do that simply open windows firewall now click on ‘Inbound rule’ in left column now click on ‘New Rule’ in right column. When a dialog window open tick on ‘Port’ then click next, now type your newly added port number in ‘Specific Local Port’ field then click next now make sure there is tick mark on ‘Allow the Connection’ now click next again next then type a name of your new rule and description, then click on finish. Restart your machine to ensure all settings take effect properly. After restart you can use your newly added RDP port.