The UK’s National Cyber Security Centre (NCSC), in cooperation with three insurance associations, has just released guidance for organisations considering whether to pay a ransom to have their data released.

The guidance is concise, thorough, and logically structured. A few remarks are specific to the UK, but it is clear which those are, and the rest of the advice applies equally well to Australian organisations.

With so many cyber incidents in the news recently, no doubt many Australians would find the guidance timely.

The best way to deal with ransomware attacks is, of course, to prevent them from occurring. But even the best-prepared organisation still faces some risk, so you should decide in advance how you would respond if the unfortunate situation arose.

The Australian Government's advice is never to pay a ransom. This is a controversial topic, and although the Minister, Clare O'Neil, has previously expressed an intention to change the law, paying a ransom is not currently illegal in itself. There are some circumstances in which it could be illegal, however (for example, where the payment would go to a person or entity subject to sanctions), so anyone considering paying a ransom should always seek legal advice before doing so.

Ransomware extortionists will try to exploit the stress and pressure a target is under to push them into hasty decisions that favour the attacker. Anyone who has planned their possible responses in advance, and identified the questions they will need answered before deciding, will be better placed to resist those tactics and keep control of the decision. The guidance will certainly help with that.

The Australian Signals Directorate (our equivalent of the NCSC) has advice on ransomware protection.