Matt O'Kane shares ransomware strategies at CISO Brisbane

At the CISO Brisbane 2025, Matt O’Kane shared fresh ransomware response strategies, offering practical response tools to Brisbane cybersecurity leaders.

Ransomware gangs are ditching encryption in favour of direct extortion. O’Kane outlined a critical evolution in attacker behaviour.

“From software-driven crime to pure threat-of-release crime,” said Matt.

Rather than encrypting files, modern ransomware groups now prioritise extortion, directly pressuring customers, board members and regulators.

“Clutter is the enemy of security,” he warned. Instead of relying on “shut it all down” advice, O’Kane proposed a containment-based model using “software-defined boxes” to isolate compromised systems. He referenced a case involving a healthcare provider that remained offline for between eight and twelve weeks after following conventional shutdown recommendations.

O’Kane posed three questions organisations should ask when responding to ransomware: Can we keep operating safely? Can we stop more data from leaking? Can we recover quickly if it happens again?

A real-world case study featured an unpatched Windows 2008 server discovered on Shodan. Despite being listed for decommissioning “next month,” it became the initial entry point for a ransomware attack.

O’Kane encouraged attendees to rethink how incidents are viewed. “Cybercrime isn’t cool. It’s cruel,” he said. “The crooks share info. We should too.”

Delivered in partnership with Cloudflare.