
What we’re seeing with Medusa ransomware isn’t just another spike — it’s a sign of how ransomware is evolving. The question every organisation should be asking right now is: If an attack like Medusa came for you, could you survive it?
New research from Illumio’s Global Cost of Ransomware Study shows just how widespread and damaging these attacks really are in Australia:
- A staggering 79 per cent of Australian businesses experienced at least one ransomware incident over the past year.
- 64 per cent had to shut down operations after an attack.
- Ransomware attacks impacted 28 per cent of critical systems, with local systems down for 12 hours on average.
- The average ransom demand equated to US$437,800.
- Ransomware took an average of 134 hours and 17 people to contain and remediate.
- Costs associated with reputation and brand damage now exceed those from legal and regulatory actions; 39 per cent experienced significant brand damage from an attack.
These numbers paint a clear picture: ransomware isn’t just an IT issue – it’s a business crisis. Ignoring the threat means gambling with your operations, reputation, and bottom line.
Dennis Fisher
Security Journalist at Censys
Ransomware began as an annoyance, a new tactic employed by a small number of cyber-criminals to scare individual consumers into handing over a few dollars or an iTunes gift card in return for unlocking their browser or decrypting their files. Since then it has rapidly evolved into a multi-faceted threat that is not just at or near the top of the priority list for every enterprise security team, but is also a national security issue for countries around the globe.
Ransomware infections have caused billions of dollars in damages and financial losses for small businesses, enterprises, and government agencies, and even the most well-prepared and mature security organisations are not immune from the specter of these attacks. As recent history has shown us, preparedness and awareness will only get us so far in the fight against ransomware. To truly break the model that has become so profitable for ransomware gangs, governments, researchers, and defenders must work together to disrupt the payment ecosystem that the ransomware gangs rely on. Without the ability to receive and shift their ransom payments through the global financial system, these gangs would lose their incentive to deploy ransomware. There have been some significant and notable successes in retrieving ransoms and stolen funds in recent years, but these are mostly one-off operations. A concerted and strategic global effort to address the payment problem is our best chance to end the ransomware era for good.
Sam Salehi
Managing Director ANZ at Qualys
As threat actors move faster and AI amplifies the speed and precision of attacks, organisations must evolve how they manage and reduce risk over time. The era of “patch when you can” is over. Traditional, reactive vulnerability management is no longer fit for purpose.
To stay ahead, businesses need a central, strategic view of their cyber risk posture. A dedicated Risk Operations Centre (ROC) provides this visibility – bringing together data from across the enterprise and translating it into meaningful, business-aligned insights. This enables business leaders to proactively manage risk based on impact, likelihood and cost, rather than reactive guesswork.
Effective risk management also can’t happen in silos. When security, IT, compliance, and business departments operate in lockstep, they can identify and prioritise the most critical assets, strengthen resilience, and deliver measurable outcomes. The ability to consolidate, interpret and act on risk data across the organisation is now a competitive advantage.
Adrian Briscoe
Business Development Manager Asia Pacific & Japan at DriveSavers Data Recovery
Nearly 40 per cent of small businesses have reported losing crucial data as a result of an attack. Cyber criminals have escalated their attacks on small and medium-sized businesses, with incidents surging by 32 per cent in late 2024, according to a recent report by Corvus Insurance.
Paying the ransom provides no assurance of successful data recovery. Cyber criminals specialise in encryption and extortion, not in developing flawless decryption tools. According to research from Sophos, only eight per cent of businesses fully recover their data, even after meeting ransom demands.
While off-the-shelf and free internet recovery tools can address some basic data loss scenarios, they typically prove inadequate when confronting more sophisticated cyber incidents. Providers that develop proprietary recovery tools achieve far greater success in complex cases.
Effective data recovery following cyber attacks is not just about tools – it requires expertise across diverse technologies, operating systems, and applications to understand the many ways data is structured and stored. This deep technical knowledge can only be acquired through years of experience and exposure to numerous complex data loss scenarios. Integrating this broad expertise and deep technical experience into a scientific process, combined with robust tools, creates the foundation for developing the most effective recovery solutions possible for each unique case.
Ultimately, when selecting a data recovery partner following a cyber event, prioritise providers with strong in-house software development capabilities who can customise solutions to your specific situation rather than relying solely on standardised approaches.
Steve Wilson
Chief AI and Product Officer at Exabeam
Ransomware is no longer just a criminal enterprise – it’s a fully weaponised business model, evolving faster than most security teams can track. The rise of generative AI has only accelerated this evolution. Ransomware groups are using it to scale attacks, craft convincing phishing lures, and even automate negotiation scripts in real time. What once took weeks of human effort can now be executed in hours with minimal oversight.
With ransomware actors now wielding AI as a force multiplier, the security industry can’t afford to stay in “wait and see” mode. We need to embrace bold, transformative approaches – automating where we can, accelerating what we must, and applying human judgment where it matters most.
That’s where agentic AI comes in. These systems do more than detect – they reason, act, and adapt. They can sift through thousands of signals in real time, initiate investigations, and take action to contain threats before damage spreads. When integrated into security operations, agentic AI gives security teams the ability to investigate and respond in real time, not after the damage is done.
Ultimately, if we’re serious about resilience, we need to be equally aggressive in our adoption of agentic AI across detection, triage, and containment. The goal isn’t just faster response – it’s fewer decisions made under pressure, and more time spent proactively managing risk, not reacting to it.
Brett Williams
Solution Engineering Manager at SentinelOne
Today, attackers exploit vulnerabilities, encrypt critical data, and demand ransom payments, often leaving organisations with financial losses and reputational damage. At the same time, threat actors often strike outside ‘business hours’. Almost every business is now online 24/7, but many systems remain monitored only during the standard eight-hour window. It’s a sad reality, but due diligence (and often insurance) now dictate 24/7 monitoring to reduce the risk of ransomware.
Moreover, the use of ransomware-as-a-service (RaaS) platforms has expanded in recent years, enabling less technically skilled actors to launch effective attacks. Attackers are increasingly bypassing traditional security solutions by exploiting both old and new vulnerabilities, and using legitimate administrative tools installed on endpoints while shifting towards double and even triple extortion tactics.
Beyond encrypting data, threat actors now exfiltrate sensitive information and threaten to leak it unless ransom demands are met, often targeting victims’ customers or partners to increase pressure.
As these attacks grow more sophisticated, a proactive, multi-layered defence is the only way to stay ahead. Enterprises must regularly update software, enforce least privilege access, back up data securely, and deploy AI-driven threat detection to mitigate risks. Employee awareness is just as critical. What with phishing remaining a top ransomware delivery method, security training is a must.