Even though it’s almost impossible to know the true number of leaked credentials available on underground markets, everyone agrees it’s a lot. This means that your organization has quite likely leaked credentials for sale somewhere. Every leaked credential is a potential ransomware attack.
You need to start scanning for these leaked credentials and take measures to reduce risk when they’re discovered. Unfortunately, too many organizations aren’t doing this, which means they’re at higher risk for a ransomware attack. If your organization already uses a threat intelligence service, they can most likely provide you with that scanning service. If not, there are a number of free or low-cost offerings that can alert you to new credential leaks for everyone in your domain.
One offering available to everyone is Troy Hunt’s “Have I Been Pwned HIBP)”
Domain search offering, which will send you alerts anytime someone from your organization appears in a credential dump.