The Vancord Blog

Ransomware Attack: Changing Out the Locks

Here at Vancord, we frequently respond to incidents where business operations have ground to a halt because of a ransomware attack. Ransomware attacks have been on the rise over the years, and it’s easy to see why. Hackers stand to make a pretty penny locking up critical systems or data. The average ransomware attack costs a business $713,000.

One of the chief goals of an attacker is to disable the backup systems to ensure their payday. While this likely isn’t new information to you, we wanted to give you one bit of advice that could throw a wrench in the hacker’s plans so you can avoid making that ransom payment.

Ransomware attack strategies that hackers use

Understanding how an attacker moves in an environment could mean the difference between entering a nightmare situation or quickly recovering. When an attacker gains a foothold in your environment, they start piecing together a more legitimate presence through credential theft.


The use of legitimate accounts gives broader access across an environment without risking detection. If the hacker can get their hands on a domain admin account, they’ll have access to every domain-bound workstation and server in your organization. From there, they’ll quickly get to work on destroying your backup systems so you can’t recover.

Stophackers in their tracks

How can you stop an attacker who effectively has the master key to your organization? To put it simply, you change out the lock. By not joining your backup systems to the domain, the attacker won’t be able to access them with the same domain admin credentials they’ve used elsewhere.

Preventing and stopping ransomware attacks: The bottom line

While changing out the lock is a cost-free and straightforward method, it’s still essential that good password practices are observed. Engaging in password best practices will go a long way to preventing costly ransomware attacks.


Make sure the password is greater than 13 characters. Also, be sure the password is sufficiently complex. For added security measures, try only to use those credentials locally and avoid logging into the backup systems across the network. You never know who could be listening.


Mike Lang

Written by Mike Lang


Subscribe to Email Updates