All Events and Webinars

Preventing Ransomware and Stopping Data Exfiltration in Retail Webinar

Retail and eCommerce
Ransomware and Malware
Threat Actors and Campaigns
Identity and Access
Supply Chain and Third Party Risks
June 11, 2025
Show Notes
Timestamps
Ransomware in retail has evolved far beyond simple encryption, with attackers now prioritising data theft and operational disruption. This session breaks down how modern attacks actually unfold, from initial access to lateral movement and exfiltration. Viewers will learn the practical controls, response strategies, and governance decisions that reduce impact when prevention inevitably fails.

In-House Specialists

Edward Skraba

CTO Penetration Testing & Threat Intelligence
View More

Edwin Bowers

Enterprise Security Specialist
View More

External Speakers

Jeffrey Bell

Senior Information Security Analyst
View parter ecosystem

Key Strategic Takeaways

Has Ransomware Evolved Into Data Extortion?

Modern ransomware is no longer just about encrypting systems, it’s about stealing sensitive data first and using it as leverage for double extortion. Even with strong backups, organisations remain exposed to regulatory fines, reputational damage, and public data leaks. Preventing ransomware now means protecting data from exfiltration, not just ensuring recovery from encryption.

Does Initial Access Happen Earlier Than Most Organisations Realise?

Attackers commonly gain access through phishing, credential reuse, infostealers, and exploited applications, often long before any visible attack occurs. Many environments are already compromised at the identity level without detection. Reducing risk requires continuous monitoring of credentials, enforcing strong identity controls, and assuming compromise rather than waiting for obvious indicators.

Do Attackers Blend In by Using Legitimate Tools and Access?

Once inside, attackers avoid detection by using trusted tools, built-in system binaries, and legitimate cloud services to move laterally and escalate privileges. This “living off the land” approach makes malicious activity appear normal in logs. Detection must focus on behavioural anomalies and misuse of legitimate access rather than relying solely on known malware signatures.

Is Ransomware Now a Scalable, Service-Based Business?

Ransomware groups operate as organised ecosystems, with affiliates, access brokers, and platform providers working together to maximise reach and profitability. This model allows attackers to quickly adapt and continue operations even when specific groups are disrupted. Defence strategies must account for this scale by strengthening early detection, limiting lateral movement, and disrupting attack chains before encryption or exfiltration occurs.

Does Resilience Depend on Preparation and Not Just Prevention?

Organisations that respond effectively are those that have tested incident response plans, defined escalation paths, and rehearsed real-world scenarios through tabletop exercises. Security cannot rely on prevention alone given the speed and sophistication of attacks. Building resilience means combining proactive controls with continuous testing, cross-functional readiness, and the ability to contain incidents quickly.

Has Ransomware Evolved Into Data Extortion?
Does Initial Access Happen Earlier Than Most Organisations Realise?
Do Attackers Blend In by Using Legitimate Tools and Access?
Is Ransomware Now a Scalable, Service-Based Business?
Does Resilience Depend on Preparation and Not Just Prevention?
  • 00:00 Intro & webinar overview
  • 00:24 Why ransomware is a major threat right now
  • 00:43 Agenda & session breakdown
  • 01:12 Speaker introductions
  • 02:20 Offensive view: how attacks work
  • 03:37 What ransomware is (simple explanation)
  • 04:21 Double extortion & data leaks
  • 06:15 Ransomware stats & scale
  • 07:22 Recent real-world attacks
  • 09:49 Who gets targeted & why
  • 13:18 Why retail is vulnerable
  • 15:56 Ransomware attack lifecycle
  • 16:49 Initial access & credential theft
  • 18:34 Exploiting vulnerabilities
  • 21:45 Ransomware groups & RaaS
  • 27:35 Common attack techniques
  • 33:26 Defense strategies & best practices
  • 41:49 Q&A highlights & final advice
    • Watch More
    Security Operations

    Supply Chain & Third-Party Risk | Managing Hidden Cybersecurity Threats

    Smarttech247 experts discuss how businesses can improve visibility, reduce third-party cyber risk, and strengthen resilience against supply chain attacks.
    Watch Now

    The New Ransomware Economics | Edwin Bowers & CrowdStrike on Modern Cyber Extortion

    Smarttech247 is joined by CrowdStrike to examine how ransomware groups are evolving and what organisations need to do to improve cyber resilience and incident response.
    Watch Now

    Building an Effective Security Strategy | Gavan Egan & Raluca Saceanu on Cyber Resilience

    Smarttech247 discuss the key cybersecurity priorities organisations should focus on in 2026 while also previewing major themes from ZeroDayCon.
    Watch Now

    Ready to scale your security and compliance operations?

    We protect your on-premise/cloud/OT environments - 24x7x365

    Talk to Our Experts