A compromised domain controller is by far the most common denominator related to large-scale ransomware events. It is worth protecting with extra diligence, as once an attacker controls it, it’s game over.
Pondurance has spent considerable time analyzing common attack patterns to better reduce compromise, shorten dwell time, and prevent damaging ransomware outcomes. In doing so, we have found that a compelling common factor associated with the vast majority of cases is the compromise of the domain controller. While compromising a domain controller is not the only way, it is a common method attackers use to quickly impact a Microsoft Windows active directory domain and execute a ransomware payload.
From a business perspective, relatively small investments have been made to create focused strategies addressing domain controller security and ongoing monitoring and testing, and those may be some of the best dollars spent in your security program. There are basic hygiene steps you can take to better protect your domain controller.
About 99% of ransomware spreads through your domain controller, and we expect this statistic to increase in 2021. See what you can do to protect your organization now and get the best practices for protecting your domain controller in our latest whitepaper: The Domain Controller…An Achilles Heel