For several years, at least since the days of the SamSam ransomware, Active Directory and its associated services have played an important role in ransomware attacks. Whether ransomware groups are taking advantage of Active Directory’s structure to steal passwords, exploiting services running on Active Directory servers, or using Active Directory servers to directly push ransomware to the network, Active Directory has become a critical part of ransomware actors’ attack strategy.
Knowing that Active Directory services are critical to ransomware operations, it would make sense for organizations to take strong measures to protect their Active Directory servers and services. Unfortunately, that’s not the case. Active Directory is surprisingly hard to configure in a secure manner and, while no one has exact numbers, it appears that there are a lot of Active Directory installations with misconfigurations. This page offers an overview of how to avoid such problems in your organization.
1. Virtual LANs (VLANs)
3. Software-defined network (SDN) segmentation