Implement the FBI's Ransomware Mitigation Checklist

Uploaded by Banji Ewin
Copyright © All Rights Reserved

FBI CHECKLIST: Recommendations to mitigate ransomware attacks

Introduction

In 2021, the United States saw an alarming rise in cyberattacks and hostile cyber activity.
These cyberattacks affected organizations across a wide range of industries, as well as the
general population of the nation. According to the 2021 FBI Internet Crime Report, $6.9
billion was lost due to cybercrimes, up more than $2 billion from 2020. Now, this is just the
US, but what about the rest of the world?

According to Cybersecurity Ventures, global cybercrime expenditure is expected to rise
15% each year over the next 3 years, reaching more than $10.5 trillion by 2025.

Let that sink in.

These costs arise from data corruption and destruction, money lost due to financial fraud,
lost productivity, intellectual property theft, theft of confidential information,
embezzlement, controlling a security incident, forensic investigation, recovery of
compromised data and systems, and damage to a brand's reputation.

Since many organizations, especially small-to-medium enterprises (SMEs), face multiple
challenges in preventing data breaches and cyberattacks, the FBI has come up with a list
of recommendations to mitigate cyberattacks.

An admin's checklist to mitigate ransomware attacks:

Robert Mueller, a former FBI director, once said, "There are only two types of companies:
those that have been hacked, and those that will be." Let's face it, ransomware attacks are
always around and waiting to ambush an organization. It is the real-time resilience and the
ability to preempt a cyberattack that defines the strength of an organization's
cybersecurity infrastructure. With that in mind, let's take a look at the FBI's
recommendations to mitigate ransomware attacks.

Set up a robust backup and recovery mechanism

Regularly back up your data, and keep air-gapped, password-protected copies offline. (An
air gap is a security mechanism for protecting computers, computer systems, or networks
from being linked to other devices or networks in any way.)

Make sure that the copy of the backup data cannot be changed or deleted from the system
where the data resides.

How does ManageEngine AD360 help?

To make the whole process of backup and recovery hassle-free, AD360 regularly performs
a complete backup of Active Directory (AD), Azure Active Directory, Microsoft 365, Google
Workspace, and Exchange environments at fixed intervals, and allows you to restore them
either completely or on a granular level. AD360 enables you to encrypt your backup data
and store it within your premises, or in OneDrive, Azure Blob storage, Azure file
shares, and Google Drive. You can assign user roles and permissions to ensure that only
authorized users have access to the backup data.

Benefits

Prevents data loss
Ensures reliable replication
Meets compliance standards

Exclusive AD360 features

In a single click, you can restore all security permissions and rights of users, attributes
of particular objects, and deleted AD objects, including their parent containers.
Group memberships are also restored when restoring deleted users.

AD360 also enables you to recover deleted AD objects from different Windows Server
versions, such as Windows 2008, 2008 R2, 2012, 2012 R2, 2016, and 2019 servers,
without the need to restart the domain controllers.

Auditing user accounts

Check for new or unrecognized user accounts in domain controllers, servers, workstations,
and AD.

Examine user accounts with administrative privileges and configure access controls
according to the principle of least privilege (POLP).

How does ManageEngine AD360 help?

AD360 gives you a bird's-eye view of when users are added to or removed from domain
controllers, servers, AD, and security and distribution groups. This helps you to identify and
prevent unrecognized accounts from gaining unauthorized access. Also, AD360 helps
you to track file access and permission changes in AD, servers, NetApp, EMC, Synology,
Hitachi, and Huawei file systems. This solution provides real-time visibility regarding who
changed which folder, when, and from where.

Benefits

Minimizes the attack surface
Limits malware propagation
Ensures greater system stability

Examine user privileges with reports, documenting from the user's first access of privileges, and
prevent privilege abuse by removing unnecessary privileges.

By using AD360's user creation templates, you can configure access controls according to POLP
by adding all the required privileges and permissions of your users, groups, and systems by roles in
a single click. This helps expedite the process of onboarding, offboarding, and changing the role
of a user.

Exclusive AD360 features

AD360 continuously monitors and audits the use of privileged accounts and
leverages user behavior analytics (UBA) real-time alerts to quickly detect and respond
to the following threats:

Multiple failed logons
User activity anomalies
Privilege escalations
Lateral movements
Data mishandling
Data exfiltration

Detects compliance infractions and performs rapid forensic analysis.

Check for unrecognized scheduled tasks

Check for unrecognized scheduled tasks. Look for unrecognized actions in operating
system-defined or recognized scheduled tasks.

How does ManageEngine AD360 help?

It can be challenging to manually monitor and review the numerous scheduled tasks
spread across your 2003/2008/2012 servers. It is important to check when these tasks
were created, deleted, and updated. All this data can help you to identify anomalous
activities and prevent a possible ransomware attack. With AD360, you can monitor every
change to numerous scheduled tasks from various servers in a single report. Stay updated
in real time with AD360's email and SMS alerts, which provide you with instant notifications
on every modification and deletion made to the scheduled tasks.

Benefits

Stops the functioning of hidden spyware
Easily detects malicious tasks
Improves system performance

Exclusive AD360 features

Apart from monitoring scheduled tasks, AD360 can also detect insider threats and
security breaches.

With its real-time threat hunting mechanism, it provides insight into user behavior as
well as potential insider attacks and data breaches on your network.

Sends instant notifications via email or SMS when there is an anomalous activity in file
accesses and automatically shuts down infected devices.

Automates incident response and enables you to configure customer alerts, helping
to prevent data breaches and insider attacks.
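
The two audit checks above (new or unrecognized accounts, and unrecognized scheduled tasks or actions) can be run as a baseline comparison over Windows Security log events. This is an added example, not part of the original document or of AD360; the flattened CSV layout, account names, task paths, and baselines are constructed assumptions, while the event IDs are the standard Windows ones.

```python
import csv
import io

# Windows Security log event IDs for the two checklist items.
ACCOUNT_CREATED = 4720
GROUP_MEMBER_ADDED = {4728, 4732, 4756}  # global, local, universal groups
TASK_CREATED, TASK_DELETED, TASK_UPDATED = 4698, 4699, 4702

# Assumed admin-maintained baselines (constructed values).
APPROVED_ACCOUNTS = {"jsmith", "svc-backup"}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
KNOWN_TASKS = {r"\Corp\NightlyBackup": r"C:\Tools\backup.cmd",
               r"\Corp\Inventory": r"C:\Tools\inventory.cmd"}  # path -> action

# Constructed, flattened export: time,event_id,host,actor,target,detail
SAMPLE_LOG = r"""2024-03-01T02:14:07Z,4720,DC01,admin.lee,jsmith,
2024-03-01T02:20:31Z,4720,DC01,helpdesk2,support_tmp,
2024-03-01T02:21:02Z,4728,DC01,helpdesk2,support_tmp,Domain Admins
2024-03-01T02:25:40Z,4698,FS02,support_tmp,\Updater\sync,C:\Users\Public\sync.exe
2024-03-01T03:00:00Z,4702,FS02,SYSTEM,\Corp\Inventory,C:\Tools\inventory.cmd
2024-03-01T03:02:00Z,4702,FS02,support_tmp,\Corp\NightlyBackup,C:\Users\Public\sync.exe
2024-03-01T03:05:12Z,4699,FS02,support_tmp,\Corp\Inventory,
2024-03-01T03:10:00Z,4624,FS02,jsmith,jsmith,
"""


def review(log_text):
    """Return (time, host, actor, reason) for every event an admin should review."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6 or not row[1].isdigit():
            continue  # skip blank, header, or malformed lines
        ts, eid, host, actor, target, detail = row
        eid, reason = int(eid), None
        if eid == ACCOUNT_CREATED and target not in APPROVED_ACCOUNTS:
            reason = f"unrecognized account created: {target}"
        elif eid in GROUP_MEMBER_ADDED and detail in PRIVILEGED_GROUPS:
            reason = f"{target} added to privileged group {detail}"
        elif eid in (TASK_CREATED, TASK_UPDATED):
            if target not in KNOWN_TASKS:
                reason = f"unrecognized scheduled task: {target}"
            elif detail != KNOWN_TASKS[target]:
                reason = f"recognized task {target} has new action: {detail}"
        elif eid == TASK_DELETED and target in KNOWN_TASKS:
            reason = f"baseline task deleted: {target}"
        if reason:
            findings.append((ts, host, actor, reason))
    return findings
```

Calling `review(SAMPLE_LOG)` returns five findings; the approved account creation, the unchanged `\Corp\Inventory` update, and the logon event are not reported.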

Alternatives to passwords and bolstering password security

Wherever possible, replace password authentication with multi-factor authentication (MFA).

Maintain regular password changes for network systems and accounts, and avoid reusing the
same password across multiple accounts.

Ensure that the password changes are made within the shortest possible timeframe.

How does ManageEngine AD360 help?

It is every IT administrator's duty to protect their organization's data, and passwords alone
aren't sufficient. Organizations need to strengthen their cybersecurity infrastructure by
adopting modern technologies.

This is possible with AD360's self-service management capabilities, which enable you to
implement MFA with its wide range of authentication factors, including fingerprint, Face
ID authentication, YubiKey, Google Authenticator, push notification, and SMS verification.

Benefits

Provides robust data security
Enforces strong passwords
Delivers a better user experience

Since passwords cannot be entirely replaced, AD360 helps you to establish stringent
password policies that include a password dictionary filter and a pattern checker to
prevent repetitive passwords.

AD360 ensures that password changes are made within the shortest possible timeframe by
setting up password expiry notifications.

[Screenshot: ADSelfService Plus password expiry notification email asking the user to
change their password as soon as possible]

Exclusive AD360 features

AD360's enterprise single sign-on tool puts an end to password fatigue by enabling
users to access more applications in just one click.

This enhances the user experience while reducing password security risks, increasing
productivity, and simplifying identity management challenges.

AD360 is integrated with the Have I Been Pwned? service, which avoids credential
stuffing attacks by prohibiting the usage of passwords used in earlier cybersecurity
hacks.

Your one-stop solution to implement the FBI's recommendations

By combining all the solutions into a single platform, AD360 acts as a
single point of administration for managing user identities, gaining
access to resources, backing up and restoring data, and providing
full self-service password management. Also, with its advanced
threat hunting capabilities, AD360 helps IT admins prevent malicious
activities and data breaches. AD360 provides true value to an
organization by empowering its cybersecurity with state-of-the-art
solutions, simplified by its user-friendly interface.
