Ransomware is once again in the news. Attackers are reportedly targeting health care providers and are using targeted phishing campaigns disguised as meeting invites or invoices that contain links to Google documents, which then lead to PDFs with links to signed executables that have names with distinctive words like “preview” and “test”.
Once the ransomware enters a system, attackers go after low-hanging fruit left behind on our networks to move laterally and do more damage. Such easy access is preventable and might be the result of an old and forgotten setting or an outdated policy. Here’s how you can check for seven common Windows network weaknesses and keep ransomware perpetrators from embarrassing you and your team.
1. Passwords stored in Group Policy preferences
Did you ever store passwords in Group Policy preferences? In 2014, MS14-025 patched Group Policy preferences and removed the ability to store passwords insecurely, but it did not remove passwords that had already been stored. Ransomware attackers use the PowerShell script Get-GPPPassword to obtain these left-behind passwords.
Review your Group Policy preferences to see if your organization ever stored passwords in this fashion. Think of any other time that you’ve left credentials behind in a script or batch file. Review your administrative processes for passwords left behind in Notepad files, scratchpad locations and other files that are not protected.
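One way to run that review, as an added example that is not part of the original article: the script below walks the domain's SYSVOL Policies folder and lists every Group Policy preference XML file that still has a non-empty `cpassword` attribute, without printing the stored value. The function name `Find-GppStoredPassword` is hypothetical, and the default path assumes a domain-joined machine where `USERDNSDOMAIN` is set and the account can read SYSVOL.

```powershell
# Added example: audit SYSVOL for Group Policy preference files that still
# carry a stored password (a non-empty cpassword attribute).
param(
    # Assumption: default SYSVOL location built from the logon domain's DNS name.
    [string]$PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
)

function Find-GppStoredPassword {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try   { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw) }
            catch { return }   # skip unreadable or malformed XML, move to next file

            # Any element with a non-empty cpassword attribute is a finding.
            $hits = $xml.SelectNodes('//*[@cpassword and string-length(@cpassword) > 0]')
            foreach ($node in $hits) {
                # The GPO GUID is the folder name directly under Policies.
                $gpoGuid = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] }

                # The account attribute is named differently per preference type.
                $account = 'userName', 'username', 'accountName', 'runAs' |
                    ForEach-Object { $node.GetAttribute($_) } |
                    Where-Object   { $_ } |
                    Select-Object -First 1

                [pscustomobject]@{
                    GpoGuid = $gpoGuid
                    Item    = $node.ParentNode.LocalName          # e.g. User, Drive, Task
                    Account = $account
                    Changed = $node.ParentNode.GetAttribute('changed')
                    File    = $file.FullName
                    # The cpassword value itself is deliberately not output.
                }
            }
        }
}

Find-GppStoredPassword -Path $PoliciesPath | Format-List
```

Each result identifies a preference item to remove from its GPO and an account whose password should be changed, since the value has been readable in SYSVOL.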