Australian ransomware payments average at $9.27 million
Australian businesses acquiescing to ransomware attacks paid an average of just over US$6 million ($9.27 million) in 2023, more than US$2 million above the global average, according to data from Sophos.
The cybersecurity company’s annual State of Ransomware report for 2024 found that 54% of Australian businesses were victims of ransomware attacks last year, down from 70% in 2023 and 80% in 2022.
More than three-quarters (76%) of ransom demands made towards Australian organisations were for US$1 million or more, with the average demand being US$6.8 million. High ransoms are being demanded even of smaller enterprises globally, with nearly half (46%) of organisations with revenue of less than US$50 million receiving a seven-figure ransom demand in the past year.
The research also found that, regardless of whether they paid a ransom, Australian businesses spent an average of US$2.37 million recovering from a successful ransomware attack in 2023, up from US$1.72 million in the prior year. Australian organisations were also slower to recover from ransomware attacks, with only 36% being fully recovered in up to a week and 33% taking between one and six months.
Attacks on Australian businesses are also evolving, with 84% of Australian organisations hit by ransomware reporting that cybercriminals attempted to compromise their backups during the attack. In 66% of such instances — the highest among any country — these attempts were successful. Likewise, in 20% of incidents where data was encrypted, it was also stolen.
Sophos CTO John Shier said the findings show that ransomware attacks are still the most dominant threat today. “Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” he said. “The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume.”