Ransomware in Australia

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.
Content complexity
Advanced
This rating relates to the complexity of the advice and information provided on the page.

Overview

This information on risks, impacts and preventative actions associated with ransomware incidents is intended to inform Australian small to medium businesses, industry organisations and Commonwealth entities. The preventative measures outlined below can also be applied to Australian individuals seeking to protect themselves against ransomware incidents.

Ransomware can cripple organisations that rely on computer systems to function by encrypting all connected electronic devices, folders and files and rendering systems inaccessible. Cybercriminals will then demand a ransom in return for the decryption keys, often in the form of untraceable cryptocurrencies such as Bitcoin. Cybercriminals may also demand payment of a ransom to prevent public release of data stolen during the incident. Ransomware is one of the most frequent and damaging types of malware, demonstrated by cybercriminals’ success in gaining access to networks and taking money directly from the pockets of Australians.

Further advice can be found by downloading Ransomware in Australia.

Key takeaways

  • Ransomware continues to be a prevalent global threat. Cybercriminals using ransomware pose a significant risk to Australia.
  • Consistent with global trends, the ACSC has observed cybercriminals successfully using ransomware to disrupt operations and cause reputational damage to Australian organisations.
  • Most ransomware incidents occur after other malicious activity has been conducted against an organisation (e.g. phishing campaigns).
  • Ransomware incidents will remain a common threat in Australia and globally due to cybercriminals’ success.
  • All sectors and individuals with information of value are potential targets for cybercriminals seeking opportunities for financial gain.
  • The ACSC advises against paying ransoms. Payment of the ransom may increase an organisation’s vulnerability to future ransomware incidents. In addition, there is no guarantee that payment will undo the damage.
  • Investing in preventative cyber security measures, such as keeping regular offline backups of business critical data and patching known security vulnerabilities, is more cost effective than the comparative costs incurred when attempting to recover from a ransomware incident.
  • The ACSC has produced this guidance to raise public awareness and resilience to ransomware incidents to ensure Australia remains the safest place to connect online.
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Become anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Acknowledgement of Country icon
Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.
Authorised by the Australian Government, Canberra