Insufficient Hardening Against Ransomware



Ransomware is the most disruptive global cyberthreat we face today. This threat affects virtually every industry and stems from a variety of root causes, which security teams must consider in their defender strategies.


This security measure is a recent addition, so the check will not mandate that the domain enable it. However, if the measure exists but is disabled, it poses a risk to the infrastructure and the IoE reports it as a deviance.

See Also

5 Ways to Strengthen Active Directory Security and Prevent Ransomware Attacks

Which Protective Measures Will Help You Really Disrupt Ransomware Attacks?

Secure Active Directory and Stop the Spread of Ransomware

How to Protect Active Directory Against Ransomware Attacks

Active Directory is Now in the Ransomware Crosshairs

Anatomy of a modern ransomware attack

Indicator Details

Name: Insufficient Hardening Against Ransomware


Severity: Medium

Attacker Known Tools

Unknown: Ryuk

Unknown: DarkSide (hacking group)

Unknown: WannaCry