NEC XON shares lessons learned from ransomware attacks

May 2024 Editor's Choice, Information Security

Every organisation faces the looming threat of ransomware. Malicious actors take control of IT assets and demand ransoms. Whether automated or human-operated, this type of malware encrypts files and folders, compelling victims to pay for decryption keys. Paying up doesn't necessarily ensure restored access; permanent data loss can be catastrophic.

Divan de Nysschen.

Understanding ransomware attacks

There are two main categories of attacks. Commodity ransomware attacks are often automated and spread virally, infiltrating through methods like email phishing and malware delivery. Human-operated ransomware attacks involve active infiltration by cybercriminals into an organisation's IT infrastructure. Hallmarks include credential theft and lateral movement with elevated privileges. Commodity ransomware is relatively more straightforward to detect, whereas human-operated variants mimic legitimate IT activities, demanding meticulous attention for detection.

Lessons learned

Both commodity and human-operated variants present significant challenges for organisations worldwide. As adversaries become increasingly sophisticated in their tactics, the imperative for proactive defence measures and swift incident response has never been more critical. In the following compilation of lessons learned, we delve into key strategies and insights gleaned from real-world encounters with ransomware attacks.

• Recognise the differences: While community-based variants exhibit predictable traits, detecting human-operated ransomware demands acute precision and attention. Stay vigilant to identify and thwart evolving threats effectively.

• Empower your defence: Take charge of your security posture by fortifying your security awareness programme and tightening email security controls. Proactively validate these measures weekly to stay ahead of commodity ransomware threats.

• Guard your privileges: Implement a stringent privileged access model to proactively defend against human-operated ransomware. Eliminate avenues for credential theft and safeguard privileged identities with unwavering diligence.

• Establish clarity amid chaos: Preempt confusion during crises by establishing clear communication channels and defining roles in advance. Regularly stress-test these protocols to ensure seamless coordination when it matters most.

• Detect and respond swiftly: Deploy Endpoint Detection and Response (EDR) solutions across your infrastructure to stay one step ahead of adversaries. Act swiftly to identify and neutralise suspicious behaviour, thwarting modern adversaries' attempts to blend in.

• Secure your data's future: Safeguard your organisation's data integrity by implementing robust backup processes for critical systems. Regularly test restoration procedures to minimise downtime and ensure business continuity in the face of ransomware attacks.

• Fortify your perimeter: Take proactive steps to fortify your infrastructure against adversarial access points. Conduct regular workshops to identify and eliminate vulnerabilities, reducing the complexity of your environment and bolstering defences.

• Contain the threat: In the event of a ransomware breach, act decisively to contain the threat and minimise its impact on your organisation. Isolate compromised endpoints and identities, and swiftly trace the attack's source for elimination.

• Explore partnership opportunities: Unlock the full potential of your cybersecurity defences by considering outsourcing to a Managed Security Partner (MSP). Let experts handle the burden of studying ransomware threats while you focus on innovation and growth.

Ransomware cartels operate ruthlessly, exploiting double extortion tactics to unlock multiple revenue streams within the cybercriminal economy. Proactive cyber strategies and robust safeguards are essential for preparing against these attacks and mitigating potential business damage.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Cyber-armour for a healthcare industry under attack
NEC XON Information Security Healthcare (Industry)
Malicious actors have exploited compromised credentials, a clear and present danger when healthcare providers' reliance on remote access software allows adversaries to disguise themselves as legitimate users and gain unauthorised access to critical environments.