Tip #1: Have a Plan
Let us start easy: Have a plan. If you have not suffered a ransomware attack, congrats! You now have time on your side – hopefully. Use that to get a plan in place, even if you do not have a security team. Start with this simple question: If you got hit by an attack right now, how would you respond?
Tip #2: Work Together: Ransomware is More than Security.
Ransomware is no longer just a “security problem.” A ransomware attack impacts users, legal, HR, finance and many others, including of course the security team. You cannot successfully defend against an attack if the organization is siloed within itself.
Tip #3: Audit, and Limit, Highly-Privileged Accounts in Active Directory
One of the first objectives for attackers in a victim environment is to find and gain elevated credentials. These credentials are often necessary to achieve their objectives – they need privileges to find additional systems, move laterally around the environment, execute certain commands, establish persistence, etc. Far too often in our investigations we uncover environments with simply too many highly privileged accounts – and attackers are betting on this.
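The audit this tip calls for can be scripted. The following PowerShell is an added example, not code from the original post: it expands the membership of the built-in highly privileged Active Directory groups (nested groups included), flags accounts that deserve a second look, and then lists accounts that still carry adminCount=1 without being in any audited group. It assumes the ActiveDirectory RSAT module and read access to the domain; the group list and the 90-day logon and 365-day password-age thresholds are assumptions to tune for your own environment.

```powershell
# Added example, not from the original post: audit membership of the highly
# privileged Active Directory groups and flag accounts that deserve review.
# Assumes the ActiveDirectory RSAT module and read access to the domain; the
# group list, the 90-day logon threshold and the 365-day password-age
# threshold are assumptions to tune for your environment.
Import-Module ActiveDirectory

$PrivilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators'
)

function Get-PrivilegedAccountReport {
    param(
        [string[]]$Groups = $PrivilegedGroups,
        [int]$StaleLogonDays = 90,
        [int]$MaxPasswordAgeDays = 365
    )
    $now    = Get-Date
    $report = @{}   # keyed by SamAccountName so an account in several groups is listed once

    foreach ($group in $Groups) {
        # -Recursive expands nested groups; a group missing from this domain is skipped quietly
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
                   Where-Object { $_.objectClass -eq 'user' }
        foreach ($m in $members) {
            if (-not $report.ContainsKey($m.SamAccountName)) {
                $u = Get-ADUser -Identity $m.distinguishedName -Properties LastLogonDate, PasswordLastSet,
                        PasswordNeverExpires, Enabled, ServicePrincipalName
                $findings = [System.Collections.Generic.List[string]]::new()
                if (-not $u.Enabled)        { $findings.Add('disabled but still in a privileged group') }
                if ($u.PasswordNeverExpires) { $findings.Add('password never expires') }
                if ($u.ServicePrincipalName.Count -gt 0) {
                    $findings.Add('SPN set on a privileged account; prefer a gMSA for services')
                }
                # LastLogonDate is derived from lastLogonTimestamp, which replicates with up to
                # roughly 14 days of lag, so treat it as approximate rather than exact.
                if (-not $u.LastLogonDate -or ($now - $u.LastLogonDate).Days -gt $StaleLogonDays) {
                    $findings.Add("no logon in $StaleLogonDays days (stale admin?)")
                }
                if (-not $u.PasswordLastSet -or ($now - $u.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
                    $findings.Add("password older than $MaxPasswordAgeDays days")
                }
                $report[$m.SamAccountName] = [PSCustomObject]@{
                    SamAccountName = $u.SamAccountName
                    Groups         = [System.Collections.Generic.List[string]]::new()
                    Enabled        = $u.Enabled
                    LastLogonDate  = $u.LastLogonDate
                    Findings       = $findings
                }
            }
            $report[$m.SamAccountName].Groups.Add($group)
        }
    }
    return $report.Values | Sort-Object SamAccountName
}

function Get-OrphanedAdminCountUsers {
    # Accounts that were once in a protected group keep adminCount=1 and the restrictive
    # AdminSDHolder ACL after removal; a purely group-based review misses them.
    param([Parameter(Mandatory)] [string[]]$CurrentPrivileged)
    Get-ADUser -Filter 'adminCount -eq 1' -Properties adminCount |
        Where-Object { $CurrentPrivileged -notcontains $_.SamAccountName } |
        Select-Object SamAccountName, DistinguishedName
}

$audit = Get-PrivilegedAccountReport
"Privileged user accounts found: $($audit.Count)"
$audit | Select-Object SamAccountName, Enabled, LastLogonDate,
    @{ n = 'Groups';   e = { $_.Groups -join '; ' } },
    @{ n = 'Findings'; e = { $_.Findings -join '; ' } } | Format-Table -Wrap -AutoSize

"Accounts with adminCount=1 that are in none of the audited groups (orphaned AdminSDHolder):"
Get-OrphanedAdminCountUsers -CurrentPrivileged @($audit.SamAccountName) | Format-Table -AutoSize
```

Run it from a management host as an ordinary domain user; nothing here writes to the directory. The headline number is the first line of output: if the count of accounts that can administer the domain is larger than the number of people who actually need to, the rest of the report tells you where to start trimming.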
Tip #5: Implement and Simulate. Wash, Rinse and Repeat.
Once you have account protections in place, use open-source tooling or a security vendor to test your environment. There is no need to ransom yourself; instead, focus on the earlier stages of an attack such as credential theft or lateral movement. What did you detect, and what was the test able to achieve? Frequent testing not only gives you more insight into your environment, it also shows you where you have detection coverage and where you have gaps.
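The useful output of such a test is a list of what you did and did not catch. As an added example that is not part of the original post, the PowerShell below turns one of the behaviours a credential-theft or lateral-movement simulation exercises, privileged accounts logging on outside the hosts where tiered administration expects them, into a concrete detection check. It runs offline over a constructed set of logon events (Event IDs 4624 and 4672); the account names, host names, tier-0 list and sample events are all made up, and the property indexes in ConvertFrom-LogonEvent follow the 4624/4672 event schema and should be verified against your own Security log before you rely on them.

```powershell
# Added example, not from the original post: a detection check to run against
# the traces a credential-theft or lateral-movement simulation leaves behind.
# Privileged accounts, tier-0 hosts and the sample events are constructed.

$PrivilegedAccounts = @('CORP\da-alice', 'CORP\svc-backup')   # constructed names
$Tier0Hosts         = @('DC01', 'DC02', 'PAW01')              # hosts where admin logons are expected

function ConvertFrom-LogonEvent {
    # Normalise Get-WinEvent records for 4624/4672 into the shape the rules consume.
    # Property indexes are an assumption based on the 4624/4672 event schema; verify locally.
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $p    = $Record.Properties
        $host = $Record.MachineName.Split('.')[0]
        switch ($Record.Id) {
            4624 { [PSCustomObject]@{ Time = $Record.TimeCreated; EventId = 4624; Computer = $host
                     Account = "$($p[6].Value)\$($p[5].Value)"; LogonType = [int]$p[8].Value; AuthPackage = $p[10].Value } }
            4672 { [PSCustomObject]@{ Time = $Record.TimeCreated; EventId = 4672; Computer = $host
                     Account = "$($p[2].Value)\$($p[1].Value)"; LogonType = $null; AuthPackage = $null } }
        }
    }
}

function New-Finding($e, $text) {
    [PSCustomObject]@{ Time = $e.Time; Account = $e.Account; Computer = $e.Computer; Finding = $text }
}

function Find-RiskyPrivilegedLogons {
    param([Parameter(Mandatory)] [object[]]$Events)
    foreach ($e in $Events) {
        if ($PrivilegedAccounts -notcontains $e.Account) { continue }   # only privileged accounts matter here
        if ($e.EventId -eq 4624) {
            # Console (2) and RDP (10) logons cache credential material on that host, so a privileged
            # account doing this outside tier 0 is exactly what the tiering model is meant to prevent.
            if (($e.LogonType -in @(2, 10)) -and ($Tier0Hosts -notcontains $e.Computer)) {
                New-Finding $e 'Privileged interactive logon on non-tier-0 host'
            }
            # In-domain logons should be Kerberos; NTLM from a privileged account needs an explanation.
            if ($e.LogonType -eq 3 -and $e.AuthPackage -eq 'NTLM') {
                New-Finding $e 'Privileged NTLM network logon'
            }
        } elseif ($e.EventId -eq 4672 -and $Tier0Hosts -notcontains $e.Computer) {
            New-Finding $e 'Special privileges assigned on non-tier-0 host'
        }
    }
}

# Constructed sample: what a short simulation run might leave in the Security log
$SampleEvents = @(
    [PSCustomObject]@{ Time = '2024-03-01 09:00'; EventId = 4624; Account = 'CORP\da-alice';   Computer = 'DC01';  LogonType = 10;    AuthPackage = 'Kerberos' }
    [PSCustomObject]@{ Time = '2024-03-01 09:05'; EventId = 4624; Account = 'CORP\da-alice';   Computer = 'WS042'; LogonType = 10;    AuthPackage = 'Kerberos' }
    [PSCustomObject]@{ Time = '2024-03-01 09:05'; EventId = 4672; Account = 'CORP\da-alice';   Computer = 'WS042'; LogonType = $null; AuthPackage = $null }
    [PSCustomObject]@{ Time = '2024-03-01 09:10'; EventId = 4624; Account = 'CORP\svc-backup'; Computer = 'FS01';  LogonType = 3;     AuthPackage = 'NTLM' }
    [PSCustomObject]@{ Time = '2024-03-01 09:12'; EventId = 4624; Account = 'CORP\bob';        Computer = 'WS042'; LogonType = 2;     AuthPackage = 'Kerberos' }
)
Find-RiskyPrivilegedLogons -Events $SampleEvents | Format-Table -AutoSize

# Against a live domain controller or collector instead (needs event log read rights):
# Find-RiskyPrivilegedLogons -Events (Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4672; StartTime = (Get-Date).AddHours(-1) } | ConvertFrom-LogonEvent)
```

On the constructed sample, the domain admin's RDP session to DC01 is expected and stays quiet, while the RDP session and special-privilege assignment on the workstation WS042 and the service account's NTLM network logon to FS01 are each reported; the non-privileged user is skipped. After each simulation run, compare what the test did against what rules like these (and your EDR or SIEM) reported: every step that produced no finding is a coverage gap to close before the next round.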
We cannot simply plug in tools and expect to be defended with the “push of a button.” Proper information security requires knowledge of the environment and frequent testing and tuning. If you have not suffered an attack, good. Do not wait for the “if” – instead, minimize the “when.”