Threat Intelligence
Targeting Backup Data / Platforms: Threat actors are exploiting misconfigurations or security gaps in backup systems to either erase or corrupt data backups, severely hindering recovery efforts.
Based upon these newer techniques, it is critical that organizations identify the span of the attack surface and align proper security controls and visibility, including coverage for protecting:
- Identities
- Endpoints
- Network Architectures
- Remote Access Platforms
- Trusted Service Infrastructure (TSI)
Cascading weaknesses across these layers create opportunities for attackers to breach an organization's perimeter, gain initial access, and maintain a persistent foothold within the compromised network.
In our updated report, Ransomware Protection and Containment Strategies, we have expanded the strategies organizations can proactively take to identify gaps and harden their environment(s) to prevent the downstream impact of a ransomware event. The strategies represent practical and scalable methods for protecting organizations, and are the same strategies that are leveraged by Mandiant when working with clients across the globe.
The report covers several areas to help organizations mitigate the risk of and contain ransomware events including:
- Attack Surface Identification and Reduction
- Endpoint Hardening
- Credential Protections
- Domain Controller Protections
- Group Policy Objects (GPOs)
- Virtualization Infrastructure Protections
- Backup Infrastructure Protections
If you are reading this report to aid your organization’s response to an existing ransomware event, it is important to understand how the ransomware was deployed through the environment and design your ransomware response appropriately. This guide should help organizations in that process.
Download the report today.
*Note: The recommendations in this report can help organizations mitigate the risk of and contain ransomware events. However, this report does not cover all aspects of a ransomware incident response. We do not discuss investigative techniques to identify and remove backdoors (ransomware operators often have multiple backdoors into victim environments), communicating and negotiating with threat actors, or recovering data once a decryptor is provided.
Published: 2024-04-30T14:00:00