Ransomware and Cyber Extortion
How to protect your organisation
This Best Practice Guide provides practical tools for people at all levels of an organisation to understand and manage the risk posed by ransomware and cyber extortion.
Cyber criminals are using two dominant cyber extortion strategies: ransomware and data theft extortion
In a typical ransomware attack, the attacker disrupts the availability of a victim organisation’s files or systems to impact their operations.
The attacker gains unauthorised access to a victim’s network and runs malicious software known as ‘ransomware’. The ransomware typically encrypts files, making them unreadable. Affected files can include user files such as documents and spreadsheets or system files which are required for computers to properly operate. A significant trend in recent times is the encryption of entire virtual machines.
Some attacks make other changes, such as locking systems to make them inaccessible to users or displaying ‘ransom notes’ on screen to alert users to the attack and instruct them how to pay their attackers. The effects of ransomware can normally be reversed by using a decryption program or key, which the attacker usually promises to provide in exchange for a payment.
Data theft extortion involves the attacker stealing confidential information and threatening to share it in a way that will cause harm to the organisation, or in some cases, individuals whose data has been stolen.
Data theft extortion has become increasingly popular among cyber criminals since late 2019 and has accelerated in popularity in the last two years. It is often (but not always) combined with ransomware – an approach called ‘double extortion’. CyberCX saw double extortion tactics used by cyber criminals in over 70% of the incidents we responded to last year.
Best Practice Guide
Our Best Practice Guides offer clear, practical advice to improve organisations’ cyber security posture and resilience. We design these guides to be accessible for CEOs, boards, CISOs and professionals of all backgrounds.
Cyber extortion: State of play in 2023
Understanding and responding to an attack
Best practice security controls to mitigate risk of attack
When and why organisations should engage with their attacker
Should you pay a ransom or extortion demand?
Our Best Practice Guides leverage CyberCX’s significant operational and advisory experience, including:
- Experience from incidents responded to by our Digital Forensics & Incident Response (DFIR) practice across the Indo-Pacific and globally.
- CyberCX Intelligence, a unique Indo-Pacific intelligence capability which leverages global open and closed sources, creates unique first-party regional intelligence, and actively monitors dark web and criminal marketplace forums.
- Insights from our Cyber Strategic Communications team, which advises senior leaders in many of our region’s most high-profile incidents.
- Insights from CyberCX’s Security Testing & Assurance (STA) practice, the largest security testing capability in the region.
- Telemetry collected by our Managed Security Services (MSS) teams monitoring client networks across Australia, New Zealand and globally.
- Insights from our Strategy & Consulting (S&C) and Governance, Risk & Compliance (GRC) practices on cyber security strategies, investments and risk management, and how leading organisations protect their most critical assets.
“We believe all organisations should have access to strategies and tools to uplift their cyber security and improve resilience.”
Alastair MacGibbon, Chief Strategy Officer, CyberCX