Strata Ransomware Checklist
A practical, no-nonsense checklist for NSW strata management firms — built around your real LOB applications and the threats actually hitting the industry today.
By Tom Buckley – Director of Business Development, All IT Services | April 2026
Key Takeaways
- Strata is now a top ransomware target in NSW — the April 2026 Strata Republic / Kairos breach exposed 441 GB of owner, tenant, banking and trust account data.
- Your LOB stack is the soft underbelly. PIQ, StrataMax, Strata Master, MRI Rest, Console and similar systems hold the data attackers want and are rarely segmented from the rest of the network.
- Multi-factor authentication is no longer optional — particularly on email, banking, trust accounting and remote access. Every breach this year traced back to a credential that should have had MFA.
- Backups must be tested and immutable. If your only backup lives on the same network as your LOB system, you do not have a backup — you have a second copy waiting to be encrypted.
Why we built this
In April 2026, the Kairos ransomware group exfiltrated 441 GB of data from Strata Republic, one of NSW’s larger strata managers. The leaked dataset reportedly included owner contact details, trust account information, AGM minutes and internal financial records.
Every strata principal we have spoken to since has asked the same two questions: could it happen to us, and what should we actually be doing right now? This page is the answer — a free, no-strings checklist you can run against your own environment (or hand to your IT provider) this week.
Why attackers love strata management firms
- High-value data, low-friction targets. You hold owner identities, banking details, insurance certificates and AGM minutes — gold for extortion and identity fraud.
- Trust accounts move real money. BEC and invoice fraud thrive in environments where staff routinely pay tradies and contractors from a trust account.
- Specialised LOB apps with shared logins. Many PIQ, StrataMax and Strata Master tenants still run with shared or weak credentials, often without MFA at the application layer.
- Distributed, hybrid workforces. Strata managers work from home, on-site at AGMs, and from car parks. Endpoint hygiene and remote access controls slip.
- Regulator and reputational pressure. Notifiable data breach obligations under the Privacy Act mean a ransomware event becomes a public, regulated event very quickly.
What’s in the checklist
The PDF walks through six focus areas. Each one is short, scannable and written for a strata principal — not a sysadmin.
- Identity & access — MFA, conditional access, removing shared logins, offboarding ex-staff.
- Core LOB applications — PIQ, StrataMax, Strata Master, MRI Rest, Console: tenant hardening, MFA, audit logs.
- Email, banking & trust accounts — BEC controls, payment verification, mailbox rule monitoring.
- Devices & endpoints — patching cadence, EDR/XDR, removing local admin, BYOD posture.
- Backups & recovery — immutable copies, off-network storage, quarterly restore tests.
- Governance & response — incident response plan, cyber insurance alignment, board reporting.
The strata platforms we work with every day
All IT Services has been the IT partner to strata management firms across Sydney and regional NSW for over a decade. Our engineers know the quirks of each platform and have a tested playbook for hardening them.

- PIQ: PropertyIQ — property management & trust accounting
- StrataMax: Strata-specific accounting & meeting management
- Strata Master & MRI Rest: MRI Software — end-to-end strata & property platforms
- Console (Reapit): Reapit ANZ — property management LOB platform
Download the checklist
Free. No email gate. No sign-up. Share it with your principals, your committee or your existing IT provider.
Frequently Asked Questions
Is this checklist really free? Where’s the catch?
It’s free. No email required, no sign-up, no remarketing pixel. We publish it because the strata industry is being targeted right now and we’d rather more firms be hard to breach.
Do we have to be an All IT customer to use it?
No. Hand it to whoever runs your IT today and ask them to walk through it with you. If you’d like an independent second opinion, we’re happy to provide one.
Our IT is outsourced — is this still our problem?
Yes. Under the Privacy Act and the NSW strata regulations, the strata firm remains accountable for the data it holds, regardless of where it’s processed. The checklist gives you the right questions to ask your provider.
We use PIQ / StrataMax / Strata Master — does this apply to us?
Especially you. The checklist is built around the realities of those exact platforms — including the MFA, audit and access patterns specific to each one.
What if we think we’ve already been breached?
Don’t email or call from the suspect environment. Use a clean device, contact your cyber insurer, then reach out to a specialist IR team. Our team can be on the phone within the hour if needed.
Want a strata-aware second opinion?
Book a free 30-minute strata IT review with our team. No sales pitch — just an honest read on where your environment sits.