CyberCX launches updated Ransomware and Cyber Extortion Best Practice Guide 

Ransomware and Cyber Extortion

How to protect your organisation

This Best Practice Guide provides practical tools for people at all levels of an organisation to understand and manage the risk posed by ransomware and cyber extortion.


Download the guide

Ransomware and Cyber Extortion Guide 2023


Cyber criminals are using two dominant cyber extortion strategies: ransomware and data theft extortion


In a typical ransomware attack, the attacker disrupts the availability of a victim organisation’s files or systems to impact their operations.

The attacker gains unauthorised access to a victim’s network and runs malicious software known as ‘ransomware’. The ransomware typically encrypts files, making them unreadable. Affected files can include user files such as documents and spreadsheets or system files which are required for computers to properly operate. A significant trend in recent times is the encryption of entire virtual machines.

Some attacks make other changes, such as locking systems to make them inaccessible to users or displaying ‘ransom notes’ on screen to alert users to the attack and instruct them how to pay their attackers. The effects of ransomware can normally be reversed by using a decryption program or key, which the attacker usually promises to provide in exchange for a payment.

Data theft extortion involves the attacker stealing confidential information and threatening to share it in a way that will cause harm to the organisation, or in some cases, individuals whose data has been stolen.

Data theft extortion has become increasingly popular among cyber criminals since late 2019 and has accelerated in popularity in the last two years. It is often (but not always) combined with ransomware – an approach called ‘double extortion’. CyberCX saw double extortion tactics used by cyber criminals in over 70% of the incidents we responded to last year.


Ransomware and Cyber Extortion

Best Practice Guide

Our Best Practice Guides offer clear, practical advice to improve organisations’ cyber security posture and resilience. We design these guides to be accessible for CEOs, boards, CISOs and professionals of all backgrounds.


Cyber extortion: State of play in 2023

Understanding and responding to an attack

Best practice security controls to mitigate risk of attack

When and why organisations should engage with their attacker

Should you pay a ransom or extortion demand?


Our Best Practice Guides leverage CyberCX’s significant operational and advisory experience, including:


  • Experience from incidents responded to by our Digital Forensics & Incident Response (DFIR) practice across the Indo-Pacific and globally.
  • CyberCX Intelligence, a unique Indo-Pacific intelligence capability which leverages global open and closed sources, creates unique first-party regional intelligence, and actively monitors dark web and criminal marketplace forums.
  • Insights from our Cyber Strategic Communications team, which advises senior leaders in many of our region’s most high-profile incidents.
  • Insights from CyberCX’s Security Testing & Assurance (STA) practice, the largest security testing capability in the region.
  • Telemetry collected by our Managed Security Services (MSS) teams monitoring client networks across Australia, New Zealand and globally.
  • Insights from our Strategy & Consulting (S&C) and Governance, Risk & Compliance (GRC) practices on cyber security strategies, investments and risk management, and how leading organisations protect their most critical assets.


We believe all organisations should have access to strategies and tools to uplift their cyber security and improve resilience.”


Alastair MacGibbon, Chief Strategy Officer, CyberCX


Download the Best Practice Guide



Trusted cyber security and cloud partner for enterprise and government

Expertise at scale

More than 1,400 cyber security and cloud professionals delivering solutions to our customers.

Eyes on glass 24/7

Continuous monitoring of your network across our 9 advanced security operations centres globally.

Help when you need it

Our incident responders handle over 250 cyber breaches per year.

Assessing your needs

Industry-leading experts conduct more than 500 baseline security assessments per year.

Providing credible assurance

Our exceptional team of ethical hackers conducts over 3,000 penetration tests per year.

Training the next generation

CyberCX is training 500 cyber security professionals over the next three years.


Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.