{"id":530345,"date":"2024-10-28T09:00:00","date_gmt":"2024-10-28T13:00:00","guid":{"rendered":"https:\/\/www.commvault.com\/?p=530345"},"modified":"2024-10-28T09:35:10","modified_gmt":"2024-10-28T13:35:10","slug":"active-directory-and-its-critical-role-in-ransomware-recovery","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery","title":{"rendered":"Active Directory and its Critical Role in Ransomware Recovery"},"content":{"rendered":"\n<p class=\"\">Welcome to the first in our three-part blog post series on Microsoft Active Directory data backup and recovery. This series will explore the criticality of AD in your resilience strategy and considerations for protection. Let\u2019s begin with an introduction of why AD is so important.<\/p>\n\n\n\n<p class=\"\">Ransomware has become a perpetual game of cat and mouse. As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits. Their latest focus is AD. As a core element of centralized management, AD has become a primary target and pathway to execute ransomware attacks. Now more than ever, it\u2019s critical that today\u2019s businesses consider AD protection in their overarching security and ransomware response strategies.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-the-keys-to-the-castle\">The Keys to the Castle<\/h4>\n\n\n\n<p class=\"\">As a widely adopted authentication tool for small, medium, and enterprise businesses, Microsoft AD and Entra ID are the gatekeepers of authorization processes for networks, applications, and environments. AD is the quarterback of system access and controls an ever-changing pool of users, groups, policies, and app permissions.<\/p>\n\n\n\n<p class=\"\">While AD simplifies the administration of access to key systems, it can be particularly challenging to secure as it holds the keys to an organization\u2019s most crown jewels \u2013 its infrastructure and data. It also has become a data protection blind spot for many organizations. One misconfiguration, leaked password, or dormant account can enable a bad actor to elevate privileges and steal, corrupt, or deny access to critical applications and their data.<\/p>\n\n\n\n<p class=\"\">Numerous workloads within companies depend on AD to grant employees access to critical business systems that are essential for generating revenue, delivering patient care, maintaining manufacturing operations, and supporting nonprofit initiatives. Without AD, business operations would grind to a halt.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-propagating-an-attack\">Propagating an Attack<\/h4>\n\n\n\n<p class=\"\">Experts are finding AD is playing a key and increasingly larger role in executing attacks. In fact,\u00a0<a href=\"https:\/\/d27a6xpc502mz5.cloudfront.net\/wp-content\/uploads\/resources-pdfs\/resources-ema-report-rise-of-active-directory-exploits.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">a study by EMA Research<\/a>\u00a0showed that 50% of organizations experienced an attack on AD\/Entra ID in the last one to two years. By exploiting blind spots, bad actors can compromise privileged accounts, mimic authorized users, and silently traverse infrastructure, workstations, and applications to establish their foothold. Failing to safeguard AD enables attackers with a centralized location to control and sever access to critical business assets.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-how-commvault-helps\">How Commvault Helps<\/h4>\n\n\n\n<p class=\"\">Safeguarding AD from ransomware requires purpose-built tools to recover from attacks. And while some businesses have developed homegrown solutions, they are time-consuming to maintain, upkeep, and administer. With Commvault Cloud, you get dedicated, single-solution protection for Microsoft AD and Entra ID to help quickly restore your data.<\/p>\n\n\n\n<p class=\"\">Frequent backups enable users to undo damaging and unwanted changes to objects and attributes, including users, groups, app registrations, and more. Fast, granular recovery options allow administrators to view what\u2019s changed in their environment and easily recover missing, damaged, or misconfigured items to thwart ongoing attacks.<\/p>\n\n\n\n<p class=\"\">Visit\u00a0<a href=\"https:\/\/www.commvault.com\/platform\/active-directory\" target=\"_blank\" rel=\"noreferrer noopener\">Commvault.com\/platform\/active-directory<\/a>\u00a0to learn more about how Commvault helps safeguard AD against corruption, accidental deletion, or malicious attacks.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Failing to safeguard this key tool is a major risk.<\/p>\n","protected":false},"author":171,"featured_media":530346,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[678],"tags":[1653],"cmv_author":[981],"class_list":{"0":"post-530345","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ransomware","8":"tag-active-directory","9":"cmv_author-katharine-colucci","10":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.0 (Yoast SEO v23.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Active Directory and its Critical Role in Ransomware Recovery | Blog<\/title>\n<meta name=\"description\" content=\"As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Active Directory and its Critical Role in Ransomware Recovery\" \/>\n<meta property=\"og:description\" content=\"As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery\" \/>\n<meta property=\"og:site_name\" content=\"Commvault - English - United States\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Commvault\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-28T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-28T13:35:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"unguyen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@commvault\" \/>\n<meta name=\"twitter:site\" content=\"@commvault\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"unguyen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Active Directory and its Critical Role in Ransomware Recovery | Blog","description":"As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery","og_locale":"en_US","og_type":"article","og_title":"Active Directory and its Critical Role in Ransomware Recovery","og_description":"As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits.","og_url":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2024-10-28T13:00:00+00:00","article_modified_time":"2024-10-28T13:35:10+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","type":"image\/jpeg"}],"author":"unguyen","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"unguyen","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery"},"author":{"name":"unguyen","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/dba72b5a781f4b5fd095bc52380eb45c"},"headline":"Active Directory and its Critical Role in Ransomware Recovery","datePublished":"2024-10-28T13:00:00+00:00","dateModified":"2024-10-28T13:35:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery"},"wordCount":503,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","keywords":["Active Directory"],"articleSection":["Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery","url":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery","name":"Active Directory and its Critical Role in Ransomware Recovery | Blog","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","datePublished":"2024-10-28T13:00:00+00:00","dateModified":"2024-10-28T13:35:10+00:00","description":"As IT and security teams strive to stay one step ahead, threat actors ruthlessly mine for new methods, means, and vectors for their exploits.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/active-directory-and-its-critical-role-in-ransomware-recovery#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"Active Directory and its Critical Role in Ransomware Recovery"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/dba72b5a781f4b5fd095bc52380eb45c","name":"unguyen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/564707f567262bb740287c608ef955e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564707f567262bb740287c608ef955e5?s=96&d=mm&r=g","caption":"unguyen"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/10\/AD1-Blog-Graphic.jpg?quality=80","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/530345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/171"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=530345"}],"version-history":[{"count":1,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/530345\/revisions"}],"predecessor-version":[{"id":530347,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/530345\/revisions\/530347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/530346"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=530345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=530345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=530345"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=530345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}