HOW TO STOP RANSOMWARE SPREADING VIA AD
The last couple of years have seen ransomware like LockerGoga and Samas omitting a spreader. Malware usually includes a means of propagating itself from an initial infected device to other devices on the same network. But instead of writing and testing the extra code, which may be prone to failure, hackers are leveraging a mechanism that is already present in most organizations: Active Directory. If a hacker gains privileged access to AD, it is easy to own an organization’s entire IT infrastructure. On-prem and cloud solutions are both vulnerable. AD contains information about all users, endpoints, applications, and servers. Standard administration tools can be used to query the directory without being detected by security software. Hackers can then use AD to propagate ransomware to every device in the organization.