Phase 1: Prevention & Preparation
Proactive measures are your strongest defence. Orro’s experts recommend these foundational steps to significantly reduce the likelihood and impact of a ransomware attack:
- Robust Backups: Follow the 3-2-1 rule (3 copies, 2 media types, 1 offline). A backup is only useful if it’s regularly tested for restoration.
- Multi-Factor Authentication (MFA): Enable MFA on all critical accounts, especially email and financial platforms. It’s the single most impactful defense against credential theft.
- Vulnerability Management: Keep systems patched. Use services like Orro’s Vulnerability Management-as-a-Service to scan for and fix weaknesses before they’re exploited.
Immediate Actions During an Attack
If you suspect an infection, swift action is vital for Ransomware Risk Management:
- Isolate: Disconnect the affected device from the network immediately (unplug the ethernet or disable Wi-Fi).
- Never Pay: The ACSC and Orro advise against paying ransoms. It doesn’t guarantee data recovery and funds further crime.
- Call Experts: Contact Orro’s 24/7 Incident Response team to contain the threat and begin recovery.
Phase 2: Recovery & Reporting
Once the threat is contained, focus on a clean recovery. Wiping systems and restoring from offline backups ensures you aren’t re-introducing malware. Don’t forget your legal obligations—report incidents via ReportCyber and, if data was breached, notify the OAIC under the NDB scheme.
Building Resilience
Use every incident as a learning opportunity. Conduct a Security Maturity Assessment to align your defences with the ACSC’s Essential Eight. Strengthening your overall security posture is the final, ongoing step in successful Ransomware Risk Management.
“A backup is only as good as its restore. Test your defenses before you need them.”
Need to audit your current security? Contact Orro’s Cyber Security team for a maturity assessment today.
