NEC XON shares lessons learned from ransomware attacks

May 2024 Editor's Choice, Information Security

Every organisation faces the looming threat of ransomware. Malicious actors take control of IT assets and demand ransoms. Whether automated or human-operated, this type of malware encrypts files and folders, compelling victims to pay for decryption keys. Paying up doesn't necessarily ensure restored access; permanent data loss can be catastrophic.


Divan de Nysschen.

Understanding ransomware attacks

There are two main categories of attacks. Commodity ransomware attacks are often automated and spread virally, infiltrating through methods like email phishing and malware delivery. Human-operated ransomware attacks involve active infiltration by cybercriminals into an organisation's IT infrastructure. Hallmarks include credential theft and lateral movement with elevated privileges. Commodity ransomware is relatively more straightforward to detect, whereas human-operated variants mimic legitimate IT activities, demanding meticulous attention for detection.

Lessons learned

Both commodity and human-operated variants present significant challenges for organisations worldwide. As adversaries become increasingly sophisticated in their tactics, the imperative for proactive defence measures and swift incident response has never been more critical. In the following compilation of lessons learned, we delve into key strategies and insights gleaned from real-world encounters with ransomware attacks.

• Recognise the differences: While community-based variants exhibit predictable traits, detecting human-operated ransomware demands acute precision and attention. Stay vigilant to identify and thwart evolving threats effectively.

• Empower your defence: Take charge of your security posture by fortifying your security awareness programme and tightening email security controls. Proactively validate these measures weekly to stay ahead of commodity ransomware threats.

• Guard your privileges: Implement a stringent privileged access model to proactively defend against human-operated ransomware. Eliminate avenues for credential theft and safeguard privileged identities with unwavering diligence.

• Establish clarity amid chaos: Preempt confusion during crises by establishing clear communication channels and defining roles in advance. Regularly stress-test these protocols to ensure seamless coordination when it matters most.

• Detect and respond swiftly: Deploy Endpoint Detection and Response (EDR) solutions across your infrastructure to stay one step ahead of adversaries. Act swiftly to identify and neutralise suspicious behaviour, thwarting modern adversaries' attempts to blend in.

• Secure your data's future: Safeguard your organisation's data integrity by implementing robust backup processes for critical systems. Regularly test restoration procedures to minimise downtime and ensure business continuity in the face of ransomware attacks.

• Fortify your perimeter: Take proactive steps to fortify your infrastructure against adversarial access points. Conduct regular workshops to identify and eliminate vulnerabilities, reducing the complexity of your environment and bolstering defences.

• Contain the threat: In the event of a ransomware breach, act decisively to contain the threat and minimise its impact on your organisation. Isolate compromised endpoints and identities, and swiftly trace the attack's source for elimination.

• Explore partnership opportunities: Unlock the full potential of your cybersecurity defences by considering outsourcing to a Managed Security Partner (MSP). Let experts handle the burden of studying ransomware threats while you focus on innovation and growth.

Ransomware cartels operate ruthlessly, exploiting double extortion tactics to unlock multiple revenue streams within the cybercriminal economy. Proactive cyber strategies and robust safeguards are essential for preparing against these attacks and mitigating potential business damage.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Balancing secure access control and fire safety
Editor's Choice Access Control & Identity Management Fire & Safety
In modern building management, few topics create as much tension as the intersection between security access control and fire evacuation safety. Nichola Allen of G2 Fire sheds light on this delicate balance.

Read more...
Fire safety in South Africa
Technoswitch Fire Detection & Suppression Technews Publishing SMART Security Solutions Editor's Choice Fire & Safety Security Services & Risk Management
Fire safety is sometimes ignored, sometimes relegated to whatever is cheapest, and sometimes treated with the seriousness it deserves, given that it focuses on protecting life and assets. SMART Security Solutions asked Brett Birch, MD of Technoswitch, for some insights into the realities of fire safety in South Africa.

Read more...
Preventing and suppressing lithium fires
SMART Security Solutions Technews Publishing Editor's Choice Fire & Safety Security Services & Risk Management Smart Home Automation
SMART Security Solutions asked Clyde Becker, director of Pyro Brand, for some insight into the mechanics of lithium-ion battery fire risks, especially thermal runaway, and to define a comprehensive, layered approach to fire detection and suppression.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
Beyond the checkpoint
Veracitech Editor's Choice
For decades, mining corporations have treated employee screening as a necessary friction point, an operational cost to be managed rather than a strategic capability to be optimised. A new generation of full-body X-ray technology, purpose-built for the realities of high-throughput precious-metals environments, is beginning to change that calculus.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.