Backup and Ransomware Preparedness for Perth SMBs: Restore Cleanly, Notify Correctly, Don’t Pay the Ransom

It’s a Tuesday morning in your Perth office and nobody can open the shared drive. Your file server is showing a ransom note. Your bookkeeper’s laptop is showing the same note. The backup NAS in the cupboard is encrypted too, because it was mounted as a network drive. Your phone is ringing — staff want to know if they should go home — and you are trying to remember whether the cloud backup you set up two years ago is actually running, whether it has the customer database in it, and whether the personal information now sitting on an attacker’s server triggers an OAIC notification. Backup and Ransomware Preparedness from Cyber by Exegesis is the engagement that answers those questions before the ransom note arrives.

The problem

Ransomware against Australian SMBs is no longer just an availability problem. Modern ransomware crews exfiltrate data first and encrypt second — which means the same incident is simultaneously a business-continuity event and, for any SMB holding customer personal information, a candidate eligible data breach under the OAIC Notifiable Data Breaches scheme. The two clocks start at the same moment, and they are unforgiving.

Most Perth SMBs we look at have a backup something — a NAS, a Veeam job, a Microsoft 365 retention setting, a cloud sync. What they rarely have is a backup chain that survives a ransomware crew that has already had a week of quiet access to the network. The ACSC Small Business Cyber Security Guide is explicit about the requirements: backups must be regular, separated from the production network, and — critically — restore-tested. Untested backups are not backups; they are hopes. And the response plan that decides who calls the OAIC, who calls the bank, and who calls the lawyer cannot be written on the day.

What Backup and Ransomware Preparedness does

Cyber by Exegesis runs a fixed-scope engagement covering both the technical chain and the response plan:

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same group behind the DRMO live product. Our scope here is preparedness. We set the chain and the plan; we are not your incident-response retainer.

How it works

  1. We confirm scope on a short call, identify the systems holding personal information, and request read-only access to your backup tooling and the relevant cloud tenants.
  2. We document the current backup chain end-to-end and identify where a single compromised admin credential would destroy both production and backup.
  3. We run a restore test against one representative workload and time it. The result goes into the report whether it is good or bad.
  4. We draft the ransomware response plan with you, mapping decision points to named people in your business and external parties (insurer, legal, OAIC, bank).
  5. We facilitate the 90-minute tabletop exercise and leave you with the written report and the 12-month review window.

Why this matters in Perth

Perth SMBs sit a long way from east-coast incident-response capacity and operate across a three-hour time-zone gap with most national insurers and legal panels. When a ransomware incident lands at 8am Perth time, the people you most want to call are in meetings or still asleep. That makes the preparedness side of this work disproportionately valuable in WA: a Perth SMB that has restore-tested its backups and rehearsed the OAIC notification decision is making fewer decisions under pressure and making them with the right people in the room. The mining-services, professional-services, and healthcare SMBs that dominate the Perth market all hold the kind of personal information that puts the NDB scheme in scope — which means the data-breach clock runs alongside the restore clock from minute one.

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Backup and Ransomware Preparedness for Perth SMBs

We are sequencing engagements by sector and by backup platform (Microsoft 365 / Veeam / cloud-native first). Join the waitlist with your sector and current backup tooling — we will tell you when we are ready to take a brief from your business.