Case Study: City of Onkaparinga achieves rapid recovery from RYUK ransomware with Sophos Intercept X Advanced Managed Threat Response

How the City of Onkaparinga survived a shocking ransomware attack

The City of Onkaparinga, South Australia’s largest metropolitan council serving about 170,000 residents and 700+ staff, was paralysed by a targeted RYUK ransomware attack in December 2019 that shut down email, caused a full server outage and crippled community services. The council engaged Sophos and deployed Sophos Intercept X Advanced Managed Threat Response to help contain and recover from the breach.

Sophos’ global SOC, working with local partner CompNow and on‑site teams, remotely disrupted, contained and neutralised the RYUK infection, restoring critical systems (email, payroll, finance, property) by 18 December and stopping nightly re‑encryption attempts. The interim 90‑day Sophos licence was converted to a three‑year contract, Intercept X was installed on 131 servers and 1,265 devices with 24/7 cloud monitoring, forensic analysis found no evidence of personal data access over three months, and 60 infected devices were identified — delivering predictable, all‑inclusive managed threat response from Sophos.

City of Onkaparinga

Desma Morris

Manager ICT