Australian ransomware payments average at $9.27 million

Sophos Pty Ltd

By Dylan Bushell-Embling
Friday, 03 May, 2024

Australian ransomware payments average at $9.27 million

Australian businesses acquiescing to ransomware attacks paid an average of just over US$6 million ($9.27 million) in 2023, more than US$2 million above the global average, according to data from Sophos.

The cybersecurity company’s annual State of Ransomware report for 2024 found that 54% of Australian businesses were a victim of ransomware attacks last year. But this is down from 70% in 2023 and 80% in 2022.

More than three-quarters (76%) of ransom demands made towards Australian organisations were for US$1 million or more, with the average demand being US$6.8 million. High ransoms are being demanded even of smaller enterprises globally, with nearly half (46%) of organisations with revenue of less than US$50 million receiving a seven-figure ransom demand in the past year.

The research also found that regardless of paying any ransomware demands, Australian businesses spent an average of US$2.37 million recovering from a successful ransomware attack in 2023, up from US$1.72 million in the prior year. Australian organisations were also slower to recover from ransomware attacks, with only 36% being fully recovered in up to a week and 33% taking between one and six months.

Attacks on Australian businesses are also evolving, with 84% of Australian organisations hit by ransomware reporting that cybercriminals attempted to compromise their backups during the attack. In 66% of such instances — the highest among any country — these attempts were successful. Likewise, in 20% of incidents where data was encrypted, it was also stolen.

Sophos CTO Hohn Shier said the findings show that ransomware attacks are still the most dominant threat today. “Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” he said. “The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume.”

Image credit:

Related News

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

ISACA identifies gaps in AI knowledge, training and policies

85% of digital trust professionals say they will need to increase their AI skills and knowledge...

VNC accounts for nearly all remote desktop attacks

Virtual Network Computing accounted for 98% of remote desktop attacks recorded by Barracuda last...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd