Resurrecting Active Directory After a Ransomware Attack

Jorge de Almeida Pinto

Solutions Architect and Product Manager of Active Directory Forest Recovery | Semperis

Jorge has been a Microsoft MVP since 2006 with a specific focus on designing, implementing, and securing Microsoft Identity & Access Management (IAM) technologies. Holding various Microsoft certifications, his experience includes Active Directory (AD) design and implementation, training, presenting, developing security-related scripts and tools, and developing and implementing AD and Azure migration and disaster plans.
With cybercrime on the rise, ransomware attacks that target Active Directory (AD)—the primary identity store for most businesses worldwide—are as common as having a cup of coffee. According to Mandiant consultants, 90 percent of cyber incidents they investigate involve AD in one way or another. Given that an attack on AD is a “when” rather than “if” scenario, organizations must have a tested plan and purpose-built solutions for recovering AD after a cyberattack. Do you have such a disaster recovery (DR) plan? Have you ever tested your backups?
In this session, Jorge will discuss key considerations, potential mistakes, and different options to evaluate when developing your AD DR plan.

What you’ll learn:
  • How to proactively secure and protect AD from cyberattacks by enforcing administrative tiering best practices, preventing lateral movement, uncovering compromised passwords, and more
  • Why the ability to recover AD in a cyberattack scenario is a must-have for organizations because of AD’s role in providing access and authentication to business-critical applications, addressing risk management, ensuring business continuity, and more
  • AD cyberattack scenarios to address, including multiple (or entire) domain controller outages and irreversible malicious changes
  • Points to consider when developing an AD DR plan, including the decision-making process, backup scenarios, password vaults, and DR plan documentation
  • Limitations of the Microsoft guidelines for manually recovering AD
  • How to automate AD recovery to save time during a cyber incident and accelerate recovery of business operations