

A Ransomware Attack Against Your AD – The Things To Do Pre-Attack And Post-Attack!


Combined Session
Friday, June 07, 2024 13:30—14:30
Location: A 05-06

With cybercrime on the rise, ransomware attacks that target Active Directory (AD), the primary identity store for most businesses worldwide, are as common as having a cup of coffee. Many cyber incidents involve AD in one way or another. Given that an attack on AD is, these days, more a question of "when" than "if", organizations must have a tested AD DR plan and purpose-built solutions for securing AD before a cyberattack and for recovering and securing AD after it. In addition, if, like many organizations today, you have a hybrid identity environment that connects AD with Entra ID (formerly known as Azure AD), do you know what needs to happen to reconnect? Recovering as fast as possible is one thing; assessing the security of your AD and mitigating any (critical) risks is another. But what about reconnecting AD with Entra ID? Knowing which precautionary measures to take to minimize damage (i.e., the impact on user experience and data loss) within Entra ID is of utmost importance!

This presentation discusses the risk to today’s enterprise organizations and explains why prioritizing hybrid identity (Active Directory and Entra ID) security is so important. Examples of various identity threat detection and response (ITDR) tools to evaluate AD security (pre- and post-attack) and discover vulnerabilities that could attract attackers are also discussed.

Attendees will also learn why an AD Recovery Plan is a vital resource for ongoing operational resilience, including the different ways to execute parts of that DR plan and the impact of each. Finally, we will discuss the problem with reconnecting AD with Entra ID and what you can do to mitigate any impact.

In summary, during this session, attendees will learn the following:

  • How to evaluate the security of an AD
  • How to prepare for a disaster scenario
  • Which backup to choose and why
  • How to remediate risk (due to security) right after recovery
  • How to remediate impact when reconnecting AD with Entra ID

If time allows, the highlights of a real-life AD recovery scenario will be discussed, to put all the pieces together.

Jorge de Almeida Pinto
Senior Incident Response Lead
Jorge de Almeida Pinto is a Senior Incident Response Lead working for Semperis helping customers proactively and reactively to be and remain secure. He has been a Microsoft MVP since 2006, and has...