Australian ransomware payments average at $9.27 million

Sophos Pty Ltd

By Dylan Bushell-Embling
Friday, 03 May, 2024

Australian businesses acquiescing to ransomware attacks paid an average of just over US$6 million ($9.27 million) in 2023, more than US$2 million above the global average, according to data from Sophos.

The cybersecurity company’s annual State of Ransomware report for 2024 found that 54% of Australian businesses were victims of ransomware attacks last year. But this is down from 70% in 2023 and 80% in 2022.

More than three-quarters (76%) of ransom demands made towards Australian organisations were for US$1 million or more, with the average demand being US$6.8 million. High ransoms are being demanded even of smaller enterprises globally, with nearly half (46%) of organisations with revenue of less than US$50 million receiving a seven-figure ransom demand in the past year.

The research also found that, regardless of whether they paid a ransom, Australian businesses spent an average of US$2.37 million recovering from a successful ransomware attack in 2023, up from US$1.72 million in the prior year. Australian organisations were also slower to recover from ransomware attacks, with only 36% being fully recovered in up to a week and 33% taking between one and six months.

Attacks on Australian businesses are also evolving, with 84% of Australian organisations hit by ransomware reporting that cybercriminals attempted to compromise their backups during the attack. In 66% of such instances — the highest among any country — these attempts were successful. Likewise, in 20% of incidents where data was encrypted, it was also stolen.

Sophos CTO John Shier said the findings show that ransomware attacks are still the most dominant threat today. “Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” he said. “The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume.”
