Divan de Nysschen, cybersecurity architect at NEC XON

Every organisation faces the looming threat of ransomware. Malicious actors take control of IT assets and demand ransoms. Whether automated or human-operated, this type of malware encrypts files and folders, compelling victims to pay for decryption keys. Paying up doesn’t necessarily ensure restored access, either, and permanent data loss can be catastrophic.

Understanding ransomware attacks

There are two main categories of attacks:

Commodity ransomware attacks are often automated and spread virally, infiltrating through methods such as e-mail phishing and malware delivery.
Human-operated ransomware attacks involve active infiltration by cybercriminals into an organisation’s IT infrastructure. Hallmarks include credential theft and lateral movement with elevated privileges.

Commodity ransomware is relatively easier to detect, whereas human-operated variants mimic legitimate IT activities, demanding meticulous attention for detection.

Lessons learnt

Both commodity and human-operated variants present significant challenges for organisations worldwide. As adversaries become increasingly sophisticated in their tactics, the imperative for proactive defence measures and swift incident response has never been more critical.

In the following compilation of lessons learnt, we delve into key strategies and insights gleaned from real-world encounters with ransomware attacks:

Recognise the differences: While community-based variants exhibit predictable traits, detecting human-operated ransomware demands acute precision and attention. Stay vigilant to identify and thwart evolving threats effectively.
Empower your defence: Take charge of your security posture by fortifying your security awareness programme and tightening e-mail security controls. Proactively validate these measures weekly to stay ahead of commodity ransomware threats.
Guard your privileges: Proactively defend against human-operated ransomware by implementing a stringent privileged access model. Eliminate avenues for credential theft and safeguard privileged identities with unwavering diligence.
Establish clarity amid chaos: Pre-empt confusion during crises by establishing clear communication channels and defining roles in advance. Regularly stress-test these protocols to ensure seamless coordination when it matters most.
Detect and respond swiftly: Stay one step ahead of adversaries by deploying endpoint detection and response (EDR) solutions across your infrastructure. Act swiftly to identify and neutralise suspicious behaviour, thwarting modern adversaries’ attempts to blend in.
Secure your data’s future: Safeguard your organisation’s data integrity by implementing robust backup processes for critical systems. Regularly test restoration procedures to minimise downtime and ensure business continuity in the face of ransomware attacks.
Fortify your perimeter: Take proactive steps to fortify your infrastructure against adversarial access points. Conduct regular workshops to identify and eliminate vulnerabilities, reducing the complexity of your environment and bolstering defences.
Contain the threat: In the event of a ransomware breach, act decisively to contain the threat and minimise its impact on your organisation. Isolate compromised endpoints and identities, and swiftly trace the attack’s source for elimination.
Explore partnership opportunities: Unlock the full potential of your cybersecurity defences by considering outsourcing to a managed security partner (MSP). Let experts handle the burden of studying ransomware threats while you focus on innovation and growth.

Ransomware cartels operate ruthlessly, exploiting double extortion tactics to unlock multiple revenue streams within the cybercriminal economy. Proactive cyber strategies and robust safeguards are essential for preparing against these attacks and mitigating potential business damage.

About NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a Japanese global company. NEC XON has operated in Africa since 1963 and delivers communications, energy, safety, security and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment business. Discover more at www.nec.xon.co.za.