Ransomware continues to be one of the most significant and costly threats to Australian Small and Medium Businesses (SMBs). In fact, the Australian Cyber Security Centre (ACSC) has reported a consistent increase in ransomware incidents, with SMBs being particularly vulnerable.
The team at Orro has helped countless Australian businesses defend against and recover from these devastating attacks. This guide is based on our deep insights and is designed to provide a clear, actionable path to protect your business.
Phase 1: Before an Attack – Prevention & Preparation
Proactive measures are your strongest defence. Orro’s experts can help you implement these foundational steps to significantly reduce the likelihood and impact of a ransomware attack.
1. Implement and Test a Robust Backup Strategy 💾
Your most critical defence is the ability to restore your data without paying a ransom. Ransomware is useless if you can simply recover your files.
- Action: Regularly back up all essential data. Follow the 3-2-1 rule: 3 copies of your data, on 2 different media types, with 1 copy stored offline and offsite.
- Orro Insight: “A backup is only as good as its restore. We’ve seen too many businesses with backups that failed when they were needed most. We help our clients create a comprehensive disaster recovery plan and regularly test their backups to ensure they can be restored successfully and quickly.”
2. Turn on Multi-Factor Authentication (MFA) Everywhere 🔐
Most ransomware attacks begin with a compromised password. MFA adds an essential second layer of security, making it substantially harder for cybercriminals to access your accounts even when a password has been stolen.
- Action: Enable MFA on all critical accounts, especially for email, financial platforms, and cloud services (e.g., Microsoft 365, Google Workspace, Xero).
- Orro Insight: “Phishing attacks are becoming more sophisticated, but MFA is still the single most impactful defence. It’s the bare minimum for business security today, and we can help you implement it seamlessly across your organisation.”
3. Keep Everything Up to Date 🔄
Cybercriminals exploit known weaknesses in software within hours of a vulnerability being made public. Keeping your systems patched is a primary way to close these doors.
- Action: Enable automatic updates for all operating systems and applications. This includes antivirus software, browsers, and any business-specific software you use.
- Orro Insight: “Patching can be a full-time job. Orro provides Vulnerability Management-as-a-Service to continuously scan your environment for weaknesses and provide actionable guidance on what to fix first, so you can stay ahead of the threats.”
4. Train Your Team to Spot Phishing Scams 🎣
The majority of ransomware attacks start with a malicious email. Your employees are your first and best line of defence.
- Action: Conduct regular, mandatory training for all staff. Teach them how to identify suspicious emails, links, and attachments. Encourage a “report, don’t click” culture.
- Orro Insight: “Human error is the leading cause of a successful cyberattack. We provide comprehensive security awareness training that empowers your team to be your strongest defence, turning them from a potential vulnerability into an active asset.”
5. Restrict User Privileges 👥
Granting employees administrative access to systems they don’t need increases the potential damage of an attack.
- Action: Apply the principle of least privilege. Give employees the minimum access required for their job. Avoid granting admin rights for day-to-day tasks.
Phase 2: During an Attack – Incident Response
If the worst happens, a swift and coordinated response can limit the damage and prevent the ransomware from spreading. This is where Orro’s expertise becomes your most valuable asset.
1. Isolate the Infected Device Immediately 🛑
The first priority is to contain the threat.
- Action: As soon as you suspect a ransomware infection, disconnect the affected device from the network. Unplug the Ethernet cable or turn off the Wi-Fi.
2. Do Not Pay the Ransom 🚫
The official advice from the Australian Cyber Security Centre (ACSC) and Orro’s experts is to never pay a ransom.
- Why? There is no guarantee you will get your data back; paying funds further criminal activity; and it marks you as a target for future attacks.
3. Call the Experts 📞
You don’t have to go it alone. The minutes after an attack are critical.
- Action: Immediately contact Orro’s Incident Response Team at [Your Phone Number] or [Your Email]. Our team can help you contain the threat and begin the recovery process without delay. We are experienced in handling high-impact security incidents, including ransomware, and provide 24/7 support.
Phase 3: After an Attack – Recovery & Reporting
Once the immediate threat is contained, the focus shifts to recovery and learning from the incident.
1. Report the Incident 📊
Reporting the attack helps authorities track and disrupt cybercrime syndicates.
- Action: File a report with the ACSC via ReportCyber at cyber.gov.au. If customer data was compromised, you have a legal obligation under the Notifiable Data Breaches (NDB) scheme to report the breach to the Office of the Australian Information Commissioner (OAIC).
2. Wipe and Restore Your Systems 💻
The safest way to remove ransomware is to completely wipe the infected systems and restore from your clean backups.
- Action: Reinstall the operating system on all affected devices. Restore your data from your clean, offline backups. This ensures you are not re-introducing the malware.
- Orro Insight: “Our Managed Detection and Response (MDR) and Managed XDR services include sophisticated capabilities to identify and remove all traces of a threat from your network, ensuring your business can get back to normal as quickly as possible. We can even provide a one-click rollback on Windows devices to minimise downtime from a ransomware attack.”
3. Update Your Security Posture 📈
Use this incident as a learning opportunity to strengthen your defences and prevent future attacks.
- Action: Conduct a full review of your cybersecurity controls. Update your incident response plan based on the lessons learned.
- Orro Insight: “Orro’s team of experts can conduct a comprehensive Security Maturity Assessment to help you understand your vulnerabilities and build a stronger, more resilient security framework aligned to the ACSC’s Essential Eight.”