Defense against them
- Review domain controllers, servers, workstations and Active Directory for new or unrecognized user accounts.
- Back up data regularly and password-protect backup copies offline.
- Use network segmentation.
- Require administrator credentials to install software.
- Establish a recovery plan to maintain and retain multiple copies of data and servers in a physically separate, segmented and secure location.
- Update and patch operating systems, software and firmware frequently.
- Utilize multi-factor authentication (MFA).
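
The account review in the first item can be scripted for the Active Directory part. The following PowerShell is an added example, not part of the original page: it lists domain accounts created inside a review window and marks which are privileged and which are missing from an approved list. It assumes the RSAT ActiveDirectory module is installed; the 14-day window and the approved-accounts.txt file are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: flag recently created domain accounts for manual review.
param(
    [int]$Days = 14,                                   # assumed review window
    [string]$BaselinePath = '.\approved-accounts.txt'  # hypothetical file, one sAMAccountName per line
)

$cutoff = (Get-Date).AddDays(-$Days)

# Accounts the team already knows about (empty list if the file is absent).
$approved = @()
if (Test-Path $BaselinePath) {
    $approved = Get-Content $BaselinePath |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
}

# Current members of built-in privileged groups, nested membership included.
$privileged = foreach ($group in 'Domain Admins', 'Administrators') {
    try {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user' |
            Select-Object -ExpandProperty SamAccountName
    } catch {
        Write-Warning "Could not read group '$group': $_"
    }
}
$privileged = @($privileged | Sort-Object -Unique)

# Domain accounts created inside the review window.
Get-ADUser -Filter * -Properties whenCreated |
    Where-Object { $_.whenCreated -ge $cutoff } |
    ForEach-Object {
        [pscustomobject]@{
            Account    = $_.SamAccountName
            Created    = $_.whenCreated
            Enabled    = $_.Enabled
            Privileged = $privileged -contains $_.SamAccountName
            Approved   = $approved -contains $_.SamAccountName   # -contains ignores case
        }
    } |
    Sort-Object Privileged, Created -Descending |
    Format-Table -AutoSize
```

Rows with Approved set to False are the ones to investigate first, starting with any that are also Privileged.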