Cybersecurity Incident Recovery Case Study

This case study details the response and recovery efforts of the City of Onkaparinga following a significant ransomware attack in December 2019. The attack, attributed to the RYUK cryptolocker virus, resulted in a complete shutdown of the Council's ICT systems, affecting over 700 staff and disrupting essential services for the community. The document outlines the challenges faced during the incident, including the initial infiltration of the malware and the subsequent loss of access to critical systems. It describes the collaborative efforts between the City of Onkaparinga, Compnow, and Sophos, highlighting the immediate actions taken to restore services and mitigate damage. The case study emphasizes the importance of having robust cybersecurity measures and the role of effective project management in crisis situations. It also discusses the long-term improvements made to the Council's ICT infrastructure as a result of the incident, including the adoption of Sophos Intercept X for enhanced security. The recovery process is documented as a critical learning experience for the Council, ensuring better preparedness for future incidents.