Active Directory Is the Common Attack Target

Protect Public Sector Organizations from Ransomware

Ransomware attacks against state and local governments, schools, and other public sector organizations are on the rise.

Cyberattacks against public sector are on the rise

State and local government agencies, schools, and other organizations have emerged as prime targets for attacks according to Verizon 2022 Data Breach Investigations Report. Public sector organizations are highly exposed and vulnerable to cyberattacks because they hold large amounts of sensitive data—making them a lucrative target for attackers.

Sophisticated ransomware groups such as Vice Society and LockBit have relentlessly targeted public firefighting services, schools, universities and city and county services using Active Directory as the primary attack vector.

of public sector organizations were hit by ransomware in the last year, up one-third from the previous year
of public sector organizations had data encrypted the last year—one of the highest across sectors
average cost for public organizations to remediate a ransomware attack

Purple Knight Proves Essential in Securing AD for Southern Utah University

AD is a common target in public sector cyberattacks

Active Directory is the core identity store for 90% of organizations worldwide, including state and local governments. Sophisticated cyber criminals such as Vice Society and LockBit 2.0 have relentlessly targeted public firefighting services, schools, universities, and city and county services.

  • Vice Society targets multiple schools in the UK

    UK attack on 14 schools in fall 2022 was claimed by Vice Society, which uses ransomware including BlackCat to compromise Active Directory and gain control of the victim organization’s network environment.

  • LockBit hits county in Virginia

    LockBit ransomware gang claimed an attack on Southampton County, Virginia, that compromised personal data. The LockBit group uses various tactics, techniques, and procedures (TTPs) to compromise victim organizations, including abusing AD group policies to encrypt devices across Windows domains.

Gain control of public sector identity security

Active Directory is involved in 9 out of 10 cyberattacks. Semperis helps public sector organizations prevent, mitigate, and recover from identity-related breaches—before, during, and after an attack.

checklist icon


Sophisticated ransomware groups are targeting state and local organizations with AD exploits.
Semperis identifies gaps in AD, including indicators of compromise (IOCs) and indicators of exposure (IOEs) resulting from human error or malicious actors.
Many attackers inject malware or ransomware weeks or months before triggering it, infecting system backups and making recovery more difficult.
Semperis reduces the time to fully recover AD from days or weeks to minutes or hours—accelerating the return of operations and closing security gaps to prevent a similar attack recurring.
Lack of AD and Azure AD expertise with staff in public sector organizations.
Semperis has extensive domain experience with more than 100+ years’ collective Microsoft MVP experience in directory services and Active Directory Group Policy.

Why AD systems in public sector orgs are vulnerable

As targets of cybercriminals in the public sector industry, state and local government organizations and schools are especially vulnerable to malicious attacks. The attack on Southhampton, Virginia is just one example. Because these types of attacks are increasing, all public sector organizations need to prioritize cyber security measures.

IT and security teams in public sector organizations face multiple challenges:

Legacy technologies
Remote infrastructure
Siloed IT and security teams
Outdated security practices
Complex digital & networked environment
Limited budgets and resources

How Semperis helps public sector organizations secure AD

Without the AD-specific protection that Semperis provides, your organization is still vulnerable to cyberattacks.

Here’s how Semperis has helped public sector organizations—including schools and government agencies—protect AD from cyberattacks.

Large university fights cyberattacks with Semperis


A large university survived a cyberattack with little damage but needed protection for the future.


Incident response investigation revealed vulnerabilities in their backup, recovery, and mitigation plans.


Improved identity security strategy with tested AD backup and recovery plan, advanced threat detection, and continuous AD security monitoring delivered by Semperis.

  • Found indicators of exposure
  • Implemented proactive program of AD security
  • Automated ensure malware-free recovery
School district elevated AD security with Semperis


U.S. school district faced increasing threat of cyberattacks and severe understaffing.


The district had been de-emphasizing rigorous AD hygiene and security, which resulted in an alarmingly high numbers of vulnerable disabled and stale accounts.


Using Semperis solutions, the district prioritized Active Directory security and recovery and adopted Semperis solutions as foundational elements of the strategy.

  • Reduced AD attack surface with vulnerability scanning
  • Implemented continuous monitoring for IOEs and IOCs
  • Automated rollback of malicious changes in AD

Leading public sector organizations trust Semperis

Top public health organizations rely on Semperis to safeguard their most valuable assets, maintain compliance, and achieve operational efficiency in an ever-evolving digital landscape.



Our mission resonates with industry leaders

I recommend Purple Knight for its ease of use—it’s GUI-based, it gives you a quick report card, and gives you a good, easy checklist of things to start working on.

Learn more Jim Shakespear Director of IT Security, Southern Utah University

Purple Knight is the first utility I’ve used that digs this deep into Active Directory. It works so well, I didn’t need to find anything else.

Learn more Micah Clark IT Manager, Central Utah Emergency Communications
School District

Purple Knight is a powerful tool with a nicely packaged set of scripts that does a fantastic job of showing you some of the hidden aspects of your AD that are just waiting to be discovered by the wrong person.

Learn more Patrick Emerick Senior Systems Engineer, Bethel School District

Our resources

Learn more about how cybercriminals exploit public sector organizations’ identity systems