Matt O’Kane shares ransomware strategies
Last week, at CISO Brisbane 2025, Matt O’Kane shared fresh ransomware response strategies, offering practical response tools to Brisbane cybersecurity leaders.
Shift in ransomware tactics
Ransomware gangs are ditching encryption in favour of direct extortion.
O’Kane outlined a critical evolution in attacker behaviour.
“From software-driven crime to pure threat-of-release crime,” said Matt.
Rather than encrypting files, modern ransomware groups now prioritise extortion, directly pressuring customers, board members and regulators.
“Clutter is the enemy of security,” he warned, highlighting how complex infrastructure allows attackers to stay hidden, while simpler systems make threats easier to detect and resolve.
Pragmatic framework over shutdown response
Instead of relying on “shut it all down” advice, O’Kane proposed a containment-based model using “software-defined boxes” to isolate compromised systems.
He referenced a case involving a Brisbane healthcare provider that remained offline for between eight and twelve weeks after following conventional shutdown recommendations.
O’Kane posed three questions organisations should ask when responding to ransomware:
Can we keep operating safely?
Can we stop more data from leaking?
Can we recover quickly if it happens again?
Legacy systems remain a risk
A real-world case study featured an unpatched Windows 2008 server discovered on Shodan.
Despite being listed for decommissioning “next month,” it became the initial entry point for a ransomware attack.
Attackers used the outdated machine to move laterally across the network before deploying ransomware.
Addressing industry shame
O’Kane encouraged attendees to rethink how incidents are viewed across the industry.
“Cybercrime isn’t cool. It’s cruel,” he said.
He emphasised that being targeted is not a sign of failure but an opportunity to learn, improve and collaborate.
“The crooks share info. We should too,” O’Kane said, reinforcing the need for transparency and mutual support across the cybersecurity ecosystem.
Building cyber resilience in Australia
Delivered in partnership with Cloudflare, the session underlined the need for experience-driven cybersecurity responses across Australian organisations.
Matt O’Kane leads Notion Digital Forensics, a Brisbane-based cyber incident response and forensics provider.
Since 2018, the company has worked with IT service providers, universities, corporations and law firms across Australia.
The CISO Brisbane 2025 forum reaffirmed the demand for practical, operational guidance in managing ransomware threats.
