Fighting a BlackCat Ransomware Active Directory Attack
The FBI released FBI Flash CU-000167-MW, warning that the BlackCat/ALPHV ransomware-as-a-service (RaaS) group has compromised at least 60 entities worldwide. As with the majority of cyberattacks, BlackCat/ALPHV’s end game is an Active Directory attack.
Top of the list of FBI-recommended mitigations is to examine your Active Directory environment for unrecognized user accounts and other indicators of compromise. Auditing and hardening permissions and implementing an Active Directory recovery plan are also essential steps on the list.
Does your organization have robust protection to cover all three stages of the Active Directory attack cycle, before, during and after a cyberattack? A great starting point: download and run the free Purple Knight Active Directory Security Assessment Tool to discover security vulnerabilities and prioritize corrective actions. We’ve also put together a quick resource list for more information on some of the common exploits in this type of cyberattack and steps you can take to strengthen your identity security posture.
Discover Active Directory vulnerabilities
Finding and patching Active Directory vulnerabilities is a challenge due to the complexity of legacy environments, the sheer number of settings, and the expanding threat landscape. Check out these resources from our identity security experts to start closing AD security gaps:
Develop an effective and comprehensive Active Directory recovery plan
Proactively protecting AD against attacks is the first step in improving security. But you also need a tested AD recovery plan that you can deploy in the event of an attack. According to Enterprise Management Associates, 50% of businesses have experienced an AD attack over the past 1-2 years, and more than 40% of these attacks have been successful. Consolidate your AD DR plans with these guidelines:
Protect the keys to your kingdom
With the rise of ransomware and other cyberattacks, protecting Active Directory and Azure AD is more important than ever. Need to help decision makers understand the value of Active Directory-specific security? "The practical ROI of rapid Active Directory recovery" dives into just how much is at stake. In short, unless you have specific solutions in place to deal with Active Directory and Azure AD before, during, and after an attack, your entire organization continues to be at risk.
The post Fighting a BlackCat Ransomware Active Directory Attack appeared first on Semperis.
*** This is a syndicated blog from the Security Bloggers Network of Semperis written by the Semperis team. Read the original post at: https://www.semperis.com/blog/combatting-a-blackcat-ransomware-active-directory-attack/