[ad_1]
Australian and New Zealand organisations have experienced some of the most severe waves of ransomware attacks globally, according to new research from Semperis, with a substantial proportion facing repeated targeting and rising threats to their executives.
The 2025 Ransomware Risk Report from Semperis draws on a survey of nearly 1,500 organisations worldwide, capturing the escalation in both the frequency and aggression of ransomware campaigns affecting the Australia and New Zealand (ANZ) region. The report indicates that one in three ransomware attacks on Australian and New Zealand organisations were repeat incidents within a 12-month window – significantly surpassing the global average.
Escalating threats
Recent attacks are marked by strategic timing, as hackers increasingly launch campaigns during weekends, public holidays, or following business disruptions such as layoffs and mergers, when IT teams are less likely to be operating at full capacity. The report shows that 52% of attacks in ANZ were initiated during these vulnerable periods.
Alongside this, the study reports that 80% of ANZ organisations experienced ransomware attacks following internal business disruptions, compared to 60% globally. The blending of operational uncertainty with cyber risk has created acute challenges for business continuity and resilience in the region.
A further worrying trend has emerged in the psychological pressure exerted on victims. According to the report, 43% of Australian ransomware victims reported being threatened with physical harm to executives if their organisations failed to meet ransom demands. This aligns closely with figures seen in the United States and Germany. The report states that 47% of breached companies across the ten countries surveyed had hackers threaten to file regulatory complaints against them unless incidents were reported in accordance with hackers’ wishes.
Security staffing and repeat ransoms
While 99% of ANZ organisations surveyed operate a Security Operations Centre (SOC), 89% acknowledged that their SOCs are not fully staffed outside standard work hours, highlighting a critical challenge for continuous cyber vigilance.
The financial aspects of ransomware attacks also reflect a bleak picture. Of those targeted, 57% of Australian victims indicated they had paid a ransom multiple times in the previous year, and 12% had paid on three or more occasions. The report found that nearly 38% of affected organisations worldwide paid multiple ransoms, and 11% paid three times or more.
Organisations frequently cite the sophistication of attacks and existing technical debt as key hurdles, with 37% identifying advanced techniques as the major challenge, and 31% pointing to legacy vulnerabilities.
Government and industry response
Ransomware is a scourge on the global economy. A tool of abhorrent criminal gangs that is leveraged to create existential crises for organisations big and small. In our collective fight against it, knowledge is power. That is why last year the Australian Government legislated a reporting requirement for businesses who make payments in response to ransomware attacks. The more we know about this criminal business model, the more informed choices we can make, to make our economies more resilient to the threat and dismantle groups who attempt to use it to prey on our institutions,” said the Honourable Tony Burke MP, Minister for Home Affairs, Minister for Cyber Security, Australia.
The emphasis on reporting reflects a view that transparency and regulatory action are vital to disrupting ransomware gangs’ operations and reinforcing national cyber resilience.
Technical leaders also underscored the importance of maintaining and restoring identity management infrastructure, particularly Active Directory, which is frequently a target for attackers.
Active Directory is obviously a key vector for attack. If you have been breached, the ability to restore the integrity of your Active Directory, very quickly, is paramount,” said Malcolm Turnbull, former Australian Prime Minister and Semperis Strategic Advisor.
The study also reveals that in 20% of cases where a ransom was paid, organisations received corrupt decryption keys that were unusable. Occasionally, attackers released keys but still published stolen data, pointing to the limited reliability of complying with ransom demands.
Building resilience
Organisations are encouraged to build on existing security measures by scrutinising the security posture of partners and supply chain vendors, who may represent potential vulnerabilities. Regular incident response exercises and close attention to evolving ransomware tactics are recommended as essential steps for readiness.
Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” said Mickey Bresman, CEO of Semperis.
The findings underline the aggressive and persistent nature of ransomware campaigns impacting Australian and New Zealand organisations, while highlighting the need for comprehensive strategies and continued investment in cyber resilience to manage the ongoing threat landscape.
[ad_2]
Source link
