menu close
  • Back

In 2022, 73% of businesses were hit by threat actors using ransomware attacks, with global costs expected to exceed $30 billion in 2023¹. These attacks, which encrypt files and demand ransoms for decryption, pose a significant threat globally. The increase in this type of attacks underscores the need for businesses to prepare in order to minimise risks and damages. This guide covers ransomware’s nature, its targeting of Australian businesses, and the importance of having a ransomware action plan.

What is ransomware?

A ransomware attack is a form of malware designed to encrypt files on a computer device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

Ransomware attacks are increasingly targeting Australian businesses and organisations, encrypting data and demanding ransom payments, often in cryptocurrency. These ransomware incidents, frequently executed by ransomware gangs through cyber extortion tactics, are a major concern for the Australian Cyber Security Centre and the Australian Federal Police. The Australian government, recognizing the severity of such attacks, has developed a national Ransomware Action Plan, focusing on enhancing cybersecurity across various sectors to combat ransomware and protect sensitive information.

This plan, along with legislative reforms, aims to empower Australian businesses and organisations, including small businesses, to protect their critical infrastructure and restore access to stolen data following a ransomware attack. Key strategies involve the ability to seize ransomware payments and strengthening shared capabilities in fighting cybercrime. These measures are essential in helping victims of ransomware crimes regain access to their data without succumbing to the demands of cybercriminals.

Collaboration with international counterparts plays a crucial role in this strategy. Joint operations involving international cooperation are conducted to dismantle ransomware as a service operation and track network activity and cryptocurrency transactions. This global approach aims to provide safe havens from ransomware threats and reinforce the Privacy Act.

For businesses and organisations, it's crucial to implement robust defence with cyber security services to prevent access to their networks by ransomware attackers. Regular reporting of ransomware incidents to law enforcement agencies, coupled with comprehensive incident response schemes, can help mitigate the threat of such attacks. By focusing on prevention, response, and recovery, Australia is striving to safeguard its businesses and organisations from the ongoing threat of ransomware, ensuring the protection of their data and operations.

Why ransomware targets Australian business

Australia's strong economy and high digital connectivity make it a prime target for ransomware attacks, exploiting software vulnerabilities, email systems, and human behaviour for unauthorized network access. In 2023, the average cost of a data breach in Australia rose by 9.8%, reaching $3.35 million per incident². These attacks, due to the global nature of the internet, pose risks to individuals and organizations irrespective of location.

The robust financial sector and advanced technological infrastructure in Australia offer cybercriminals opportunities to exploit vulnerabilities and demand ransom payments. Australia's valuable data assets, including personal, financial, and intellectual property, further entice attackers. By encrypting this data and demanding ransoms, cybercriminals can extort significant sums.

Attackers exploit software vulnerabilities, targeting outdated or poorly secured systems. Email systems are frequently compromised through phishing and malicious attachments. Human behaviour, such as susceptibility to suspicious links or unverified downloads, is also exploited, underscoring the need for awareness and education in cyber safety.

Given the internet's global reach, ransomware attacks can originate anywhere, affecting targets worldwide. The ease of cross-border communication enables attackers to target victims regardless of their geographical location. Australian businesses, organizations, and the Australian government, with support from law enforcement agencies like the Australian Federal Police and the Australian Cyber Security Centre, must proactively safeguard against these threats. This involves regular software updates, robust cybersecurity measures, and educating users on online safety best practices. By staying vigilant and implementing effective security measures, the risk of falling victim to ransomware attacks can be reduced, mitigating potential damages from these cyber threats.

The benefits of creating a ransomware action plan

Creating a ransomware action plan is essential for minimising the impact of an attack and ensuring a swift recovery. A well-prepared ransomware action plan can help organisations reduce downtime, limit data loss, protect sensitive information, and maintain business continuity. Additionally, having a ransomware action plan in place demonstrates due diligence to stakeholders and regulatory authorities, potentially minimising legal and reputational risks.

Get in touch

Talk to us today to optimise your operations.

Contact Us

Who needs a ransomware action plan?

Every organisation, regardless of size or industry, should have a ransomware action plan. Cybercriminals are constantly evolving their attack techniques, making it crucial for all entities to be proactive in their defence. From multinational corporations to small businesses and non-profit organisations, no one is immune to the threat of ransomware. By preparing and implementing an action plan, organisations can significantly enhance their ability to mitigate and withstand these attacks.

Objectives of the ransomware action plan

Effective ransomware action plans typically focus on three key objectives: preparing and preventing ransomware attacks, responding, and recovering from a ransomware incident, and disrupting and deterring ransomware criminals. Let's explore each objective in more detail.

Objective 1: Preparing and preventing ransomware attacks

Preparing for ransomware attacks involves implementing various preventative measures to reduce the likelihood of an attack and minimise potential damages. This includes regularly updating software and systems, conducting security awareness training, utilising strong authentication mechanisms, and implementing robust backup and recovery procedures.

Objective 2: Responding and recovering from ransomware incidents

In the unfortunate event of a ransomware incident, organisations must have a well-defined plan to respond effectively. This includes isolating affected systems, notifying relevant stakeholders, engaging law enforcement if necessary, and restoring data from secure backups. A prompt and well-executed response can help minimise downtime and data loss.

Objective 3: Disrupting and deterring ransomware criminals

Disrupting ransomware criminals involves taking proactive steps to identify and apprehend these cybercriminals. Collaboration with law enforcement agencies, sharing threat intelligence, and implementing advanced cybersecurity measures are crucial in deterring future attacks and creating a safer digital environment for all.

Key takeaways and future outlook from the Australian Cyber Security Centre

The escalating sophistication of ransomware attacks underscores the need for comprehensive action plans. Understanding ransomware's global impact and developing plans enhances organisational resilience. Continuous adaptation and improvement in cybersecurity practices are crucial. Despite the threat, there's a positive trend: in 2022, ransomware extortions globally dropped to $456.8 million, a 40% decrease compared to the previous record of $765 million³, largely due to the effectiveness of clear ransomware action plans by organisations.


As ransomware continues to evolve and proliferate, the creation of a detailed and dynamic action plan has become a critical shield for individuals and organisations alike. This guide emphasises that beyond understanding ransomware's mechanisms and acknowledging its global impact, proactivity in cybersecurity measures, education, and vigilance are the linchpins of digital resilience. As the threat landscape expands, the collective commitment to robust security practices and collaborative threat intelligence will be paramount in fortifying our defences. It's this preparedness and unity in approach that equips us to not just withstand but actively combat the tide of ransomware, ensuring the safety and continuity of our digital realms now and into the future. 


Frequently asked questions

Can you explain the significance of educating businesses and individuals about ransomware prevention and response within an action plan?

Ransomware's growing threat necessitates educating businesses and individuals on prevention and response. A plan including training, regular backups, and incident protocols reduces risks. Awareness enables identifying vulnerabilities, lessening breach likelihood, and minimizing impact, crucial for strong defenses against financial and reputational harm from ransomware.

What are the strategies to mitigate ransomware?

Some of the best practices for preventing ransomware include regularly backing up critical data, keeping software and firmware updated, and using strong authentication methods. Additionally, it is important to educate employees on how to recognise and report suspicious activity, as well as test and refine incident response plans. Many organisations also choose to implement security technologies such as firewalls, intrusion detection systems, and endpoint protection tools to prevent and detect attacks. Taking a multi-layered approach to security is crucial in today's ever-evolving threat landscape.

What is the first action to take against ransomware?

To combat ransomware, prioritize regular, tested backups for easy data restoration without ransom payment. Implement a strong cybersecurity strategy with antivirus software, employee training, and network segmentation. Quick detection and response through security monitoring and incident planning are essential to minimize impact and contain infections effectively.

What is the best course of action to take after a ransomware attack? Should I speak with law enforcement agencies?

Post-ransomware attack, isolate infected devices and assess the attack's scope. Restore data from backups or seek professional decryption. Report the incident to authorities, notify affected parties, and enhance future security through updated protocols and employee training. Quick, calm action is crucial to minimize risk and damage. One of the first course of actions should be to speak with your local law enforcement agency who can help implement Australia’s ransomware action plan.

How does a ransomware action pan address the issue of cryptocurrency payments and their impact on ransomware payments?

An effective Ransomware Action Plan needs strategies against cryptocurrency use in attacks, emphasising Bitcoin's anonymity. It suggests limiting cryptocurrency transactions, enforcing strict KYC protocols by financial institutions, and coordinated tracking of suspicious transactions. Recommending against ransom payment, it advises data backups and security training to mitigate attacks.

Similar Articles


What are the advantages of Microsoft Azure

Discover the advantages of Microsoft Azure: Scalability, security, cost-efficiency, and innovation. Learn how Azure enhances operations and drives digital transformation in New Zealand.

What is Security Automation?

Learn how automated security transforms cybersecurity, making it simpler and more efficient. Protect your business data with CBS New Zealand’s expert insights now!

What are the effective Azure cost optimisation strategies

Maximize Azure efficiency for your New Zealand organisation. Reduce costs, optimize resources, and align spending with business goals using our expert strategies and tools!

What are the benefits of penetration testing?

Gain confidence in your digital security with the benefits of penetration testing. Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!

Cybersecurity Threat Detection: Proactive strategies

Stay ahead in cybersecurity with our 2024 guide on threat detection. Learn advanced technologies & response plans to protect your business against threats with CBS New Zealand.

Navigating Information Security Frameworks

Explore essential information security frameworks to safeguard your data. Protect your business data with CBS New Zealand's expert insights now!

Ultimate guide to internal penetration testing

This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in New Zealand.

RMM Meaning and its significance in IT management

Evolving technology, key benefits, and its impact on efficiency and security. protect your business data with CBS New Zealand’s expert insights now!

The Threat Intelligence Lifecycle explained

Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in New Zealand.

What are the latest cyber threats and defense strategies?

Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!

Understanding Blue Teams in cybersecurity

Explore Blue Teams' pivotal role in cybersecurity: their defense strategies, Red Team collaboration, and trends with CBS New Zealand's expert insights now!

When to conduct vulnerability assessments to identify weak points?

Explore the importance of vulnerability assessments in cybersecurity and protect your business data with CBS New Zealand's expert insights now!