The Ransomware Playbook

Ransomware incidents are becoming prolific. We’re seeing a steady stream of Australian businesses come to us to help them respond to ransomware incidents (we’ve had several in the last week alone), or deploy preventative controls after mopping up an attack.

The Australian government's announcement of an increased risk of cyber attacks is being borne out in the field. Organised crime and state-sponsored actors are doubling down on ransomware-based attacks, fuelled by a rise in bounty payments by large corporates and insurers trying to recover data.

This post summarises some of the steps you can take to prepare for a ransomware incident and, if you are unlucky enough to be in the middle of one, some tips on responding.


Preparing for, and ideally preventing, a ransomware attack is better than the cure. Most of these suggestions are not groundbreaking, but organisations miss them time and time again.

Train your people – Upskilling staff on cyber security topics and on ways to identify potential phishing and scams is a low-cost, high-return way of protecting your front line.

Deploy multi-factor authentication – Requiring multiple authentication factors instead of relying on passwords alone reaps huge rewards from a security standpoint. Deploying multi-factor authentication is not simple and 100% coverage is difficult, so start with your critical applications such as Office 365 and anywhere client data is stored.

Patch your systems – This again seems easy but is often forgotten when you're focused on just doing business. Enforcing regular updates on endpoints and servers keeps you ahead of many vulnerabilities. Be sure to include application software such as Office and Adobe products in your updates, not just the operating system.

Back up regularly – If you do suffer a ransomware incident, good backups are often the only way to recover your business. Ensure backups exist on a separate network, or offsite completely, so that an attacker who controls the production network cannot encrypt or delete them too. Also use the built-in backup capabilities in Windows 10 and macOS.
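A backup that exists is not the same as a backup you can restore from: ransomware crews routinely encrypt or delete backups they can reach, and a backup job that silently stopped weeks ago is no help either. The following is an added example (not Cythera's code, and not part of the original post) of a check a defender can run from the backup side itself. It assumes a constructed layout in which each backup set is accompanied by a manifest recording when it was taken and the size and SHA-256 of every file; the manifest format, the `MAX_BACKUP_AGE` threshold and the sample files are all assumptions for the example.

```python
"""Added example (not Cythera's code): verify that an offline/offsite backup set
is complete, recent and unmodified before the day you need it.

Assumptions (constructed for this example): each backup set is stored on a
separate network or offsite alongside a manifest listing, for every file,
its size and SHA-256. The check runs from the backup side, so an attacker
who has encrypted the production network cannot alter what the check sees.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumed policy: a backup older than this is treated as stale.
MAX_BACKUP_AGE = timedelta(days=1)


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src_dir: Path, taken_at: datetime) -> dict:
    """Record size and hash of every file in the backup set at the time it was taken."""
    files = {}
    for p in sorted(src_dir.rglob("*")):
        if p.is_file():
            rel = str(p.relative_to(src_dir))
            files[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return {"taken_at": taken_at.isoformat(), "files": files}


def verify_backup(backup_dir: Path, manifest: dict, now: datetime) -> dict:
    """Return a report with 'ok', 'stale', 'missing' and 'corrupt' fields.

    A size mismatch is checked first because it is cheap; the hash is only
    computed when the size still matches (an encrypted file usually changes
    size, but a same-size overwrite would otherwise slip through).
    """
    taken = datetime.fromisoformat(manifest["taken_at"])
    stale = now - taken > MAX_BACKUP_AGE
    missing, corrupt = [], []
    for rel, expected in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            missing.append(rel)
            continue
        if p.stat().st_size != expected["size"] or sha256_of(p) != expected["sha256"]:
            corrupt.append(rel)
    return {
        "ok": not (stale or missing or corrupt),
        "stale": stale,
        "missing": missing,
        "corrupt": corrupt,
    }


def demo() -> dict:
    """Constructed scenario: take a backup, verify it, then simulate a
    ransomware-style encryption of one file and deletion of another while
    time moves past the age threshold, and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        # Constructed sample files standing in for real business data.
        (backup / "ledger.xlsx").write_bytes(b"constructed ledger contents")
        (backup / "clients.db").write_bytes(b"constructed client records")
        taken = datetime(2020, 6, 1, 2, 0, tzinfo=timezone.utc)
        manifest = build_manifest(backup, taken)

        clean = verify_backup(backup, manifest, taken + timedelta(hours=6))

        # Simulate tampering: one file overwritten with junk, one removed.
        (backup / "ledger.xlsx").write_bytes(b"\x00encrypted\x00")
        (backup / "clients.db").unlink()
        tampered = verify_backup(backup, manifest, taken + timedelta(days=3))

        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the check on a schedule from the backup host and alert on any report where `ok` is false; a stale backup is a warning that the job has stopped, while `missing` or `corrupt` entries after a previously clean run are a strong signal that the backup location itself has been reached. Keep the manifest with the backup, not on the production network, or it cannot be trusted either.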

Protect endpoints and servers – Good next-generation antivirus can prevent malware from spreading, and combining it with endpoint detection and response (EDR) can help you find attackers who are already on your network.

Segment your network – Attackers love big, flat networks. They allow an attacker to move between machines with ease and infect your entire organisation quickly. Segmenting your network provides controls and a 'blast radius' around critical parts of it. Even separating your corporate IT from infrastructure and guest networks is a good start.


If you are already responding to an incident, here is a checklist of tips to assist your response.

This isn't an exhaustive list by any means, but part of Cythera's mission is to protect Australian businesses from cyber threats and risk, and we don't want to keep seeing businesses crippled by these sorts of incidents.

Some of the above tips are drawn from our Security Platform and our Managed Detection & Response capability. If you need assistance with protecting your business or with detecting and responding to cyber threats, reach out to our team.
