'Organisations paid, on average, 101% of initial ransom demand'
Australian organisations paid an average of US$6 million after ransomware attacks over the past year, according to a new report.
Sophos' The State of Ransomware in Australia 2024 revealed that 57 of 330 IT professionals in mid-sized Australian organisations said they paid a ransom after their data was compromised in cyberattacks.
The mean Australian ransom payment reached $6,002,186, well above the global average of $3,960,917, based on 76 respondents.
"Australian organisations paid, on average, 101% of their initial ransom demand received," the report said. "In comparison, globally, organisations paid 94% of the initial demand."
The findings come as 54% of the report's respondents revealed that they were hit by ransomware, lower than the global average of 59%.
The data continues the downward trend in Australian ransomware attacks: 70% reported being hit in 2023, and 80% in 2022.
"Ransomware remains a major threat to Australian organisations of all sizes around the globe. While the overall attack rate has dropped over the last year, the impact of an attack on those that fall victim has increased," the report read.
Compromised credentials were the most common root cause of attack (37%), followed by exploited vulnerabilities (32%).
Among those that experienced a ransomware attack, 84% said cybercriminals tried to compromise the organisation's backups, with 68% saying the attempts were successful.
Encrypted data was not safe either: in 20% of attacks, data was stolen as well as encrypted, according to the report.
Recovery from ransomware attacks is also slowing among Australian organisations: only 36% reported fully recovering within a week, while 33% said it took up to six months.
Nearly all Australian organisations (95%) whose data was encrypted got their data back, with backups being the most common method for restoring data.
According to Sophos, it is essential for organisations and their cyber defences to remain up to date amid evolving attacks.
It underscored the importance of preventing a ransomware attack and defending endpoints and servers to stop malicious encryption.
Being able to detect and neutralise an attack can also "considerably" improve an organisation's outcomes, according to the report, which also emphasised that having an incident response plan can help improve outcomes if the worst happens.