cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Aussie organisations succumbing to ransomware threat

Almost half of the 80 per cent of Australian organisations targeted by ransomware paid cyber criminals, according to new Sophos research.

user iconReporter
Mon, 02 May 2022
Aussie organisations succumbing to ransomware threat
expand image

Global cyber security company Sophos has released its State of Ransomware 2022 report — which involves a survey of 5,600 mid-sized organisations in 31 countries — revealing 80 per cent of Australian organisations were hit with ransomware attacks over the course of 2021, up from 45 per cent in 2020.

Of those targeted, 43 per cent paid cyber criminals between US$100,000 and US$499,999.

“Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available,” Chester Wisniewski, principal research scientist at Sophos, said.


“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site.

“In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.”

Other findings include:

  • 99 per cent of respondents have made changes to their cyber defences over the last year to improve their insurance position;
  • 70 per cent of Australian respondents whose data was encrypted used back-ups to avoid paying cyber criminals;
  • 79 per cent of attacks resulted in data being encrypted;
  • the average cost to recover from a ransomware attack was US$1.01 million; and
  • 91 per cent of respondents in Australia said their organisation has cyber insurance that covers them if they are hit by ransomware.

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” Wisniewski added.

“In recent years, it has become increasingly easy for cyber criminals to deploy ransomware, with almost everything available as-a-service.”

Sophos has offered a number of recommendations for organisations to reduce vulnerabilities to ransomware attacks, which include:

  • install and maintain high-quality defences across all points in the organisation’s environment;
  • proactively hunt for threats to identify and stop adversaries;
  • harden the IT environment by searching for and closing key security gaps;
  • developing contingency plans; and
  • making backups.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.