Multiple failed logon event on terminal server

I’m encountering multiple failed logon events ‘4625’ on the terminal server. I was quite sure this was due to RDP access from outside. I have closed RDP access from outside but I’m still having these tuns of failed logon events.

The username of these attempts is randomly generated. The bad thing is that the source IP is empty.

I cannot shutdown the terminal server during business hours. What is the way forward to troubleshoot / solve this issue?