Combatting a BlackCat Ransomware Active Directory Attack

By Semperis Team April 22, 2022 | Active Directory

The FBI has released FBI Flash CU-000167-MW warning that the BlackCat/ALPHV ransomware-as-a-service (RaaS) group has compromised at least 60 entities globally. As with the majority of cyberattacks, BlackCat/ALPHV’s end game is an Active Directory attack.

Top of the FBI’s list of recommended mitigations is reviewing your Active Directory environment for unrecognized user accounts and other indicators of compromise. Auditing and hardening permissions and implementing an Active Directory recovery plan are also vital steps on the list.

Does your organization have robust protection to cover all three stages of the Active Directory attack cycle—before, during, and after a cyberattack? One great starting point: Download and run the free Purple Knight Active Directory security assessment tool to uncover security gaps and prioritize corrective actions. We’ve also assembled a quick resource list for more information about some of the exploits common to this type of cyberattack—and steps you can take to strengthen your identity security posture.

Discover Active Directory vulnerabilities

Finding and fixing Active Directory vulnerabilities is challenging because of the complexities of legacy environments, the sheer number of settings, and the expanding threat landscape. Check out these resources from our identity security experts to start closing AD security gaps:

Develop an effective, comprehensive Active Directory recovery plan

Proactively protecting AD from attack is the first step in improving security posture. But you also need a tested AD recovery plan that you can deploy in the event of an attack. According to Enterprise Management Associates, 50 percent of organizations experienced an attack on AD in the last 1 to 2 years, and more than 40 percent of those attacks were successful. Shore up your AD DR plans with these guidelines:

Protect the keys to your kingdom

With the increase in ransomware and other cyberattacks, protecting Active Directory and Azure AD is more important than ever. Need to help decision makers understand the value of Active Directory–specific security? The Practical ROI of a Quick Active Directory Recovery dives into just how much is at stake. In short, unless you have specific solutions in place to address Active Directory and Azure AD before, during, and after an attack, your entire organization continues to be at risk.

About the author

Semperis Team

Semperis, the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments, offers educational resources, commentary, and research findings to inform technology leaders who are responsible for securing enterprise directory services.