Ransomware often leverages a cracked administrator or local administrator password to gain access across a network, or it sets permissions across a network so that attackers can gain access. That’s why it’s important to manage permissions in Windows carefully.
For example, you might be in the process of migrating to a newer version, or you might have recently completed a migration from Windows 7 or Server 2009R2. As part of that process, it’s common to change default permissions to copy files, move data and migrate servers. Have you gone back to make sure you’ve removed all excess permissions once the migration is complete? If not, you might have left a door open for an attacker.
Check permission settings before migrating
Get-Acl is the basic PowerShell command to obtain information about the security of a resource. In legacy networks, NT File System (NTFS) permissions have often been set to looser standards. Unless you’ve audited them, you might not realize how they are set. If you are migrating from an older operating system, the permissions were set for a different era and might need to change.
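One way to run that audit with Get-Acl, as an added example that is not from the original article: it walks a folder tree and lists allow entries that give broad groups write, delete or permission-change rights. The root path D:\Shares, the choice of groups treated as broad, and the set of rights treated as risky are assumptions to adjust for your environment.

```powershell
# Added example, not from the original article. $Root is a placeholder path (assumption).
param([string]$Root = 'D:\Shares')

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
# Domain Users has a per-domain SID that always ends in RID 513.
$domainUsers = '^S-1-5-21-\d+-\d+-\d+-513$'

# Specific bits that allow changing data or permissions. Testing against Modify or
# FullControl directly would also match read-only ACEs, because those composite
# values include the read bits.
$risky = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear in older ACLs.
$risky = $risky -bor 0x50000000

$rootItem = Get-Item -LiteralPath $Root
$dirs = @($rootItem) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($dir.FullName)"; continue }

    # Ask for SIDs rather than names so the check does not depend on OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($broadSids -notcontains $sid -and $sid -notmatch $domainUsers) { continue }
        if (([int]$rule.FileSystemRights -band $risky) -eq 0) { continue }
        # Below the root, report only explicit ACEs: those mark where permissions were
        # changed by hand, and inherited copies of them would only repeat the finding.
        if ($rule.IsInherited -and $dir.FullName -ne $rootItem.FullName) { continue }

        [pscustomobject]@{
            Path      = $dir.FullName
            Sid       = $sid
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Running it before a migration and again afterwards, then comparing the two outputs, shows which temporary grants were never removed.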