Overview This information on risks, impacts and preventative actions associated with ransomware incidents is intended to inform Australian small to medium businesses, industry organisations and Commonwealth entities. The preventative measures outlined below can also be applied to Australian individuals seeking to protect themselves against ransomware incidents. Ransomware can cripple organisations that rely on computer systems to function by encrypting all connected electronic devices, folders and files and rendering systems inaccessible. Cybercriminals will then demand a ransom in return for the decryption keys, often in the form of untraceable cryptocurrencies such as Bitcoin. Cybercriminals may also demand payment of a ransom to prevent public release of data stolen during the incident. Ransomware is one of the most frequent and damaging types of malware, demonstrated by cybercriminals’ success in gaining access to networks and taking money directly from the pockets of Australians. Further advice can be found by downloading Ransomware in Australia. Key takeaways Ransomware continues to be a prevalent global threat. Cybercriminals using ransomware pose a significant risk to Australia. Consistent with global trends, the ACSC has observed cybercriminals successfully using ransomware to disrupt operations and cause reputational damage to Australian organisations. Most ransomware incidents occur after other malicious activity has been conducted against an organisation (e.g. phishing campaigns). Ransomware incidents will remain a common threat in Australia and globally due to cybercriminals’ success. All sectors and individuals with information of value are potential targets for cybercriminals seeking opportunities for financial gain. The ACSC advises against paying ransoms. Payment of the ransom may increase an organisation’s vulnerability to future ransomware incidents. In addition, there is no guarantee that payment will undo the damage. Investing in preventative cyber security measures, such as keeping regular offline backups of business critical data and patching known security vulnerabilities, is more cost effective than the comparative costs incurred when attempting to recover from a ransomware incident. The ACSC has produced this guidance to raise public awareness and resilience to ransomware incidents to ensure Australia remains the safest place to connect online.