There are many free tools that, if not properly leveraged, an attacker could use to their own advantage.
One example is a Windows encryption tool called BitLocker. In situations when this was not enabled, attackers have repurposed it to essentially encrypt the drives and lock out the device owners. When enabled, BitLocker becomes one less feature for attackers to leverage.
Another example is Microsoft LAPS (Local Administrator Password Solution), which allows users to have different local administrator passwords on each device. If LAPS is not enabled, attackers can enable it on their own, locking administrators out of local admin accounts on user devices.
Think of these tools – and others like them – like a sword. If you take it first, your opponent won't be able to take it. But if you just leave it sitting there, anyone can just take it and use it against you.

Jackson Schlesinger, Cyber Services Manager - Cyber Services

When trying to access email from home, the IT administrator of an agricultural manufacturer in the southeastern US noticed irregularities and headed into the office.
On arrival, he found blue screens or ransom notes on a number of desktops, as well as ransom notes on some printers. It turned out that 40 workstations and 3 file servers had been encrypted, and the cybercriminals had used the Windows BitLocker tool to encrypt.
A ransomware negotiator was able to provide intelligence about the ransomware group involved and their connection with a sanctioned entity, so no payment could be made.
But with the assistance of a forensics vendor, the manufacturer was able to contain the incident and restore from backups.