Delivering our Ransomware Live Fire Exercise

We recently partnered with the Australian Cyber Collaboration Centre (A3C) and the AustCyber South Australia (SA) Node to deliver an interactive, unique, and fun hands-on live fire exercise at the A3C’s headquarters in Adelaide.

Jason and special guest Michelle Price, CEO of AustCyber

Participants played the role of an Incident Responder, managing a ransomware incident at a fictitious company. The scenario was based on real actor tradecraft seen in the wild, and to make the exercise feel as realistic as possible, participants leveraged heavily used tools in this domain such as a case management system and various forensic utilities. Participants forensically analysed or interacted with offline files and live elements during the exercise, as well as performing other common Incident Response activities such as communicating with the victim. We took the opportunity to explore Incident Response methodologies and best practices, ensuring participants responded to the incident in line with industry expectations. One of the participants, Laurie Tonks, said “Being able to get hands on experience in a simulation environment is invaluable. It gives me the ability to test out the skills I already have and learn as I go in a safe environment". Laurie further noted that her confidence levels had increased because of the training, and that the combination of both technical and non-technical elements explored during the exercise provided insights into different areas of cyber security that are otherwise difficult to get (unless it’s during an incident, which isn’t really when you want to be learning things for the first time).

"Being able to get hands on experience in a simulation environment is invaluable. It gives me the ability to test out the skills I already have and learn as I go in a safe environment."

Laurie Tonks, Exercise Participant

Participating in exercises helped improve the Incident Response readiness of participants, and the organisations they come from. Developing the necessary skills and knowledge before an incident strikes is crucial to ensuring you can successfully respond to it. In relation to this training, Paula Oliver, SA Node Manager, said “Cyber security is something that every business needs to consider and having a skilled workforce to be able to defend and protect your company couldn’t be more important than it is today”. We couldn’t agree more with Paula! Cyber security skills are a crucial piece of the puzzle when it comes to staying ahead of the continuously evolving threats.

"Cyber security is something that every business needs to consider and having a skilled workforce to be able to defend and protect your company couldn’t be more important than it is today."

Paula Oliver, AustCyber SA Node Manager

All three of us (Retrospect Labs, A3C, and AustCyber) recognise the importance and criticality of cyber skills – particularly enabling network defenders at the front line to stop attacks before it disrupts business operations or results in harm to their organisations. And we know it’s not only the technical response to incidents that can help prevent harm, but that network defenders also need many other skills such as communication (from helping communicate to impacted customers, preparing media statements, or briefing senior executives), awareness of potential legal and regulatory implications (like the Notifiable Data Breach Scheme), and overall management and coordination of the entire incident response operation (and everything that involves)! The need for multi-disciplinary and diverse skills in all cyber professionals, is something we strongly support.

Creating diversity in gender is another key goal for all three partners, which is why this event was sponsored by AustCyber SA Node to provide placements exclusively for females. The sponsorship was very well received with most of the participants being female!

The amazing people who took on the challenge receiving their certificates

Based on the great feedback we received, we’ll look to run exercise-based training events like this again – so if you’re interested in improving those incident response skills and your readiness, let us know!