Anatomy of an Australian ransomware response

Compromise was six months in the making and took three weeks to fix.

Solarseven / Getty Images

It started like any other day, but within hours the IT team was scrambling: a ransomware attack had displayed its ransom notice, locked the company’s servers, and triggered a chain of system shutdowns that brought the entire business to a halt.

Executives moved quickly, engaging the cybersecurity remediation team at Accenture to help understand and resolve the problem—but it was only the beginning of a major cleanup effort that would see a joint project team of about 30 people working 24/7 for three weeks straight.

“It was an intensely cumbersome process to go through,” recalls Mark Sayer, AAPAC lead for cyberdefence at Accenture, who directed a broad technological response during which security analysts uncovered an extensive cybercriminal operation that had been preparing to strike for six months.

“We were working 17-hour days,” he recalls, “and I would literally get off the phone, go to sleep, wake up, and get back on the phone. We did that for three weeks without a break, and no weekends.”

While executives at the victim company, an Australian firm with 5,000 employees that Sayer describes only as ‘Purple Ocean’, gave strong and continuous support, figuring out what had happened, and how to fix it, was a learning experience for a company that had generally been focused on keeping the lights on.

