Report: Australian ransomware payments drop drastically year-on-year

Less than half of Aussie organisations targeted by hackers are now paying a ransom – is it time to ban payments entirely?

The number of Australian entities paying a ransom in the wake of a ransomware attack has dropped significantly, down from 66 per cent in 2024 to just 41 per cent this year.

The welcome figure is courtesy of Sophos’ sixth annual State of Ransomware report, released last week and based on a survey of 3,400 IT leaders from 17 countries, including 200 Australians.

The drop in ransomware payments is not the only good news, either. The median ransom payment dropped to US$217,000, far below the initial ransom demands, and more than half of Australian organisations hit by ransomware were able to negotiate their payments down.

Recovery costs are also down. Australian victims of ransomware attacks spent US$2.37 million on recovery in 2024, a figure that has dropped markedly to US$650,000 in 2025. Recovery operations are also speeding up, with 47 per cent of Aussie victims up and running again within a week. Only 13 per cent of organisations took between one and six months to recover, an improvement over last year’s figure of 33 per cent.

“For many organisations, the chance of being compromised by ransomware actors is just a part of doing business in 2025. The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage,” Chester Wisniewski, director and field CISO at Sophos, said in a statement.

“This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress.”

It’s not all good news, of course. The use of backups has dropped among Australian organisations, with only 67 per cent of organisations using backups to restore data, compared with 72 per cent the year before.

Exploited vulnerabilities remain the most common initial access vector for attacks, accounting for 47 per cent of all incidents. Phishing compromised 24 per cent of victims, while compromised credentials were used in 21 per cent of attacks.

“Of course, ransomware can still be ‘cured’ by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface, and too few resources,” Wisniewski said.

“We’re seeing more companies recognise they need help and moving to Managed Detection and Response (MDR) services for defense. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start.”

With ransomware payments becoming less frequent and dropping in value, Aaron Bugal, another of Sophos’ field CISOs, believes it’s time for Australia to take the next step in fighting ransomware.

“Paying ransoms sustains cyber-crime and increases the risk of repeat incidents,” Bugal said.

“Australia should consider following the UK’s lead and ban ransom payments outright.”

Has your business been impacted by a ransomware attack? If so, Cyber Daily would love to hear your story.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
