NEC XON shares lessons learned from ransomware attacks

May 2024 Editor's Choice, Information Security

Every organisation faces the looming threat of ransomware. Malicious actors take control of IT assets and demand ransoms. Whether automated or human-operated, this type of malware encrypts files and folders, compelling victims to pay for decryption keys. Paying up doesn't necessarily ensure restored access; permanent data loss can be catastrophic.


Divan de Nysschen.

Understanding ransomware attacks

There are two main categories of attacks. Commodity ransomware attacks are often automated and spread virally, infiltrating through methods like email phishing and malware delivery. Human-operated ransomware attacks involve active infiltration by cybercriminals into an organisation's IT infrastructure. Hallmarks include credential theft and lateral movement with elevated privileges. Commodity ransomware is relatively more straightforward to detect, whereas human-operated variants mimic legitimate IT activities, demanding meticulous attention for detection.

Lessons learned

Both commodity and human-operated variants present significant challenges for organisations worldwide. As adversaries become increasingly sophisticated in their tactics, the imperative for proactive defence measures and swift incident response has never been more critical. In the following compilation of lessons learned, we delve into key strategies and insights gleaned from real-world encounters with ransomware attacks.

• Recognise the differences: While community-based variants exhibit predictable traits, detecting human-operated ransomware demands acute precision and attention. Stay vigilant to identify and thwart evolving threats effectively.

• Empower your defence: Take charge of your security posture by fortifying your security awareness programme and tightening email security controls. Proactively validate these measures weekly to stay ahead of commodity ransomware threats.

• Guard your privileges: Implement a stringent privileged access model to proactively defend against human-operated ransomware. Eliminate avenues for credential theft and safeguard privileged identities with unwavering diligence.

• Establish clarity amid chaos: Preempt confusion during crises by establishing clear communication channels and defining roles in advance. Regularly stress-test these protocols to ensure seamless coordination when it matters most.

• Detect and respond swiftly: Deploy Endpoint Detection and Response (EDR) solutions across your infrastructure to stay one step ahead of adversaries. Act swiftly to identify and neutralise suspicious behaviour, thwarting modern adversaries' attempts to blend in.

• Secure your data's future: Safeguard your organisation's data integrity by implementing robust backup processes for critical systems. Regularly test restoration procedures to minimise downtime and ensure business continuity in the face of ransomware attacks.

• Fortify your perimeter: Take proactive steps to fortify your infrastructure against adversarial access points. Conduct regular workshops to identify and eliminate vulnerabilities, reducing the complexity of your environment and bolstering defences.

• Contain the threat: In the event of a ransomware breach, act decisively to contain the threat and minimise its impact on your organisation. Isolate compromised endpoints and identities, and swiftly trace the attack's source for elimination.

• Explore partnership opportunities: Unlock the full potential of your cybersecurity defences by considering outsourcing to a Managed Security Partner (MSP). Let experts handle the burden of studying ransomware threats while you focus on innovation and growth.

Ransomware cartels operate ruthlessly, exploiting double extortion tactics to unlock multiple revenue streams within the cybercriminal economy. Proactive cyber strategies and robust safeguards are essential for preparing against these attacks and mitigating potential business damage.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Safer spaces through smart surveillance
NEC XON Surveillance
Advances in facial recognition technology are transforming surveillance from a mere recording tool into an intelligent, integrated system that enhances real-time safety, moving beyond the traditional expansion of CCTV efforts.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.