Detections
Analytics

Insufficient Hardening Against Ransomware

medium

Language:

Description

Ransomware is the most disruptive global cyberthreat we face today. This threat affects virtually every industry and stems from a variety of root causes, which security teams must consider in their defender strategies.

Solution

This security measure is a recent addition, so the check will not mandate that the domain enable it. However, if the measure exists but is disabled, it poses a risk to the infrastructure and the IoE reports it as a deviance.

See Also

Active Directory is Now in the Ransomware Crosshairs

Anatomy of a modern ransomware attack

Which Protective Measures Will Help You Really Disrupt Ransomware Attacks?

Secure Active Directory and Stop the Spread of Ransomware

5 Ways to Strengthen Active Directory Security and Prevent Ransomware Attacks

How to Protect Active Directory Against Ransomware Attacks

Indicator Details

Name: Insufficient Hardening Against Ransomware

Codename: C-RANSOMWARE-HARDENING

Severity: Medium

Type: Active Directory Indicator of Exposure

Attacker Known Tools

Unknown: WannaCry

Unknown: Ryuk

Unknown: DarkSide (hacking group)