The increased reporting of cyber incidents among large companies in ANZ in the first half of 2020 has been clearly evident. A handful of ransomware families are dominating these attacks.

It is not uncommon for many organisations to fail to report breaches, or worse, to be completely unaware that they have even taken place. Ransomware is being used for much more than just blackmail. It can be used as a diversion; first harvesting credentials for later use, and then encrypting the drive to keep IT staff occupied while the attacker covers their tracks.

More recently, attackers have accomplished even more nefarious objectives, like sending critical data to the dark web, or auctioning it to the highest bidder.

In this paper, we investigate some of the tactics used by these ransomware families, their high profile victims, and the strategies used to defend against these