Australia is 9th in the world by ransomware attacks, new research by cybersecurity company NordLocker reveals. The new study analyzed numerous databases of ransomware incidents that affected over 5,000 companies worldwide. With a collective revenue of 6.14 trillion AUD, the companies under investigation produce more value than Germany’s entire GDP.
The research was conducted with the purpose of discovering which companies are at the highest risk of being targeted by ransomware. Apart from the geographic variable, researchers looked at factors such as which ransomware groups are the most active, the most affected industries, company revenue, and employee count.
“Ransomware is a type of cyberattack that forces a company’s operations to a halt by taking possession of its most crucial and sensitive files and demanding a ransom from the company to get the data back. This type of attack is extremely effective. In the past few years, cases have grown exponentially, while cybersecurity awareness has failed to catch up,” says Tomas Smalakys, NordLocker’s CTO.
Key Finding: Ransomware Attacks in Australia
- Australia is 9th in the world by ransomware attacks.
- Small businesses are at the highest risk, accounting for more than two-thirds of all attacks (69.5%).
- In Australia, Business Services is the top industry hit by ransomware (12.5% of all attacks), followed by the Transportation & Logistics industry (9.7%).
- LockBit and Conti are the most active ransomware gangs in Australia, responsible for 16.5% and 11.4% of attacks, respectively.
- 4.2% of ransomware attacks targeted Australia’s public sector institutions.
- 14.8% of ransomware attacks in Australia have annual revenue of more than 1.48 billion AUD
Business Services is the top industry to be hit by ransomware in Australia
Nordlocker’s research found that out of 18 industries identified, business services (12.50% of all attacks), transportation & logistics (9.7%), construction (6.9%), consumer services (6.9%), and healthcare (6.9%) industries are the most likely to be hit by ransomware in Australia.
“Ransomware gangs usually decide who their next target is based on two criteria. The first one is how likely the targeted company is to pay up, which is weighed by looking at variables such as the company’s importance in supply chains, the quantity of confidential information that it handles, and other factors that, in the case of an attack, put pressure on the company to get operations back up and running. The second criteria is more straightforward and primarily deals with the depth of the company’s pockets and how lacking in cyber defenses their business is,” says NordLocker’s Tomas Smalakys. “When you look at the data through this lens, you see why certain industries are more affected than others.”
Small businesses beware
Business size is another major indicator of how likely a business is to be targeted by a ransomware attack. In Australia, small-sized businesses are at the highest risk, accounting for more than two-thirds of all attacks (69.5%). Companies with an employee count of between 11-50 are the victims of 35.6% of attacks, and those with between 51-200 employees are victims of 32.20% of ransomware hacks, while those with between 201-500 deal with 15.30% of attacks.
“Small businesses are top targets for ransomware gangs because, for them, cybersecurity is often an afterthought. Smaller companies justifiably prioritize growing their operation, leaving cybersecurity on the sidelines. This, combined with the usually thin profit margins small businesses endure, makes them not only easy to hack but very likely to pay up as well, because they do not have the funds to sustain a prolonged halt to operations,” says Tomas Smalakys.
What else did the research find?
- Among the affected organizations are some of the most influential institutions nationally, including a logistics company with billions in revenue and a national alcoholic beverages corporation
- LockBit and Conti are the most active ransomware gangs in Australia, responsible for 16.5% and 11.4% of attacks, respectively.
- 4.2% of ransomware attacks targeted Australia’s public sector institutions.
- 14.8% of ransomware attacks in Australia target companies that have annual revenue of more than 1.48 billion AUD
- 5.1% of ransomware attacks in Australia target companies that employ more than 5,000 employees
Top 5 most affected industries in Australia:
|
Industry:
|
% of attacks
|
|
Business Services
|
12.50%
|
|
Transportation
|
9.70%
|
|
Construction
|
6.90%
|
|
Consumer Services
|
6.90%
|
|
Healthcare
|
6.90%
|
Most active ransomware gangs in Australia:
|
Ransomware gang
|
% of attacks
|
|
LockBit
|
16.50%
|
|
Conti
|
11.40%
|
|
REvil
|
10.10%
|
|
BlackCat
|
7.60%
|
|
Avaddon
|
7.60%
|
Cases per company employee count:
|
Employee count
|
% of attacks
|
|
11-50
|
35.60%
|
|
51-200
|
32.20%
|
|
201-500
|
15.30%
|
|
1001-5000
|
5.10%
|
|
501-1000
|
5.10%
|
The full report can be found here: https://nordlocker.com/ransomware-attack-statistics/
What is ransomware, and how can companies protect themselves from it?
By definition, ransomware is a type of malware that restricts users’ access to their files and demands payment. But how it does it, what kind of payment is requested, and what is encrypted differ greatly.
Ransomware has been used for decades. Some criminals demand a $50 ransom, and others ask for $30 million. The effectiveness of the attack results from most companies being ill-equipped to deal with it. To increase the likelihood of the ransom being paid, criminals may also threaten to post the victim’s data online.
In order to protect your business from ransomware, Tomas Smalakys recommends the following practices:
- Encourage cybersecurity training. Investing in your employee’s knowledge is the most cost-effective way to protect your organization from ransomware, as 82% of cyber attacks happen because of human error. It should be organized regularly and have a holistic approach that covers every employee.
- Ensure a regular backup process. Backups can’t stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity.
- Keep software up to date. Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilizing outdated software. Make sure everyone at the company understands how important it is to keep software up to date.
- Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.
