惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
Help Net Security
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
博客园_首页
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
PCI Perspectives
PCI Perspectives
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
Spread Privacy
Spread Privacy
T
Tor Project blog
量子位
阮一峰的网络日志
阮一峰的网络日志
S
SegmentFault 最新的问题
小众软件
小众软件
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
Y
Y Combinator Blog
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tenable Blog
Scott Helme
Scott Helme
G
GRAHAM CLULEY
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
IT之家
IT之家
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
T
Threat Research - Cisco Blogs
博客园 - 司徒正美
Application and Cybersecurity Blog
Application and Cybersecurity Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
L
LangChain Blog
C
Check Point Blog
Google Online Security Blog
Google Online Security Blog
V
Visual Studio Blog
Latest news
Latest news

Blog | Latest Ransomware News and Trends | Coveware

Patch management goes from hard, to ludicrous in the agentic AI era Mass Data Exfiltration Campaigns Lose Their Edge in Q4 2025 Nitrogen Ransomware: ESXi malware has a bug! Obscura Ransomware: Why Some Data Can’t Be Recovered Insider Threats Loom while Ransom Payment Rates Plummet Targeted social engineering is en vogue as ransom payment sizes increase The organizational structure of ransomware groups is evolving rapidly. Will Law Enforcement success against ransomware continue in 2025? Law enforcement doxxing raises risk profile for threat actors Ransomware actors pivot away from major brands in Q2 2024 RaaS devs hurt their credibility by cheating affiliates in Q1 2024 New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying Scattered Ransomware Attribution Blurs Focus on IR Fundamentals Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments Big Game Hunting is back despite decreasing Ransom Payment Amounts Improved Security and Backups Result in Record Low Number of Ransomware Payments Uber Verdict Raises New Risks for Ransom Payments Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022 Coveware's testimony to the HSGAC on Mandatory Reporting Laws Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
Clarity on ransom payment statistics within Australia
Bill Siegel · 2024-12-04 · via Blog | Latest Ransomware News and Trends | Coveware

A recent Australian Financial Review (AFR) article, citing a report by a specialist advisory firm exemplifies the ongoing challenge that victims face in obtaining meaningful, reliable data on ransomware. At Coveware, we pioneered the rigorous collection of first-hand data to understand ransomware incidents, and we feel compelled to speak out when misleading information is widely distributed. The report presents data that differs materially from the first hand collected information we gather, and a potentially harmful narrative to Australian business decision-making. It claims that the average ransom payment by Australian companies has jumped to $1.35 million in 2024, with 69 per cent of Australian businesses experiencing a ransomware attack in the past five years, and 84 per cent of those paying a ransom - mostly within 48 hours. The data and facts we collect from thousands of ransomware attacks differs materially. Such reporting risks creating a misleading perception about ransomware response strategies, potentially encouraging harmful practices among businesses seeking guidance.

Having had extensive hands-on experience assisting hundreds of Australian ransomware victims over the past six years, our real-world data tells a starkly different story. Unlike the survey-based reporting cited in the article, our direct case experience shows a consistent decline in ransom payments. Over the last five years, we've observed an overall ransom payment rate, defined as the percentage of companies impacted by cyber extortion that end up actually paying the ransom, of 44% among Australian victims.  This year, we have seen a continued decline in this rate from 36% in 2023 to just 15% in 2024 to date - something we are incredibly pleased to see. Where the article suggests widespread capitulation to the demands of cybercriminals, our data reveals a more resilient landscape in Australia. For our clients, the average ransom paid by Australian victims in 2024 was USD$240,000—much smaller than the $1.35 million figure cited in the article. Critically, none of the Australian clients we have assisted in the last six years paid a ransom within 48 hours - a stat that directly contradicts the report's assertion.

The notion that companies can or should pay ransoms within 48 hours is particularly dangerous. Victims who rush to make quick decisions often make choices that are not in their best interest. We aim to provide meaningful data to our clients to allow them to make data-driven decisions, avoiding hasty payments that could result in ineffective decryption tools or further extortion attempts by the actor. In reality, responding to a ransomware incident is a complex process that requires careful deliberation. Victims must first assess the impact, verify backup availability, contain affected systems, and if necessary, engage with the threat actor—a process that can take days or even weeks. This is before considering critical steps like compliance checks, receipt of legal advice, insurance discussions, board and governance processes. Notwithstanding that, negotiating acceptable ransom demands and procuring cryptocurrency are additional time-consuming processes. The 48-hour payment narrative is not just inaccurate, it's dangerously simplistic.

A Global Example: A nation that does not easily succumb to ransom demands

Australia's approach to ransomware over the last few years is emerging as a global model of resilience. Unlike victims in other countries that more readily capitulate to cybercriminal demands, Australian businesses have demonstrated remarkable restraint. Even the largest organisations handling the most sensitive information (from healthcare to financial sectors) have shown a commitment to avoiding ransom payments except as an absolute last resort. And because of the bold decision made by many of those large organisations not to pay the ransom, despite facing intense public and regulatory scrutiny, it has made the decision not to pay easier for smaller organisations with less sensitive data. The recently passed mandatory ransomware payment reporting legislation further strengthens this stance, potentially discouraging unnecessary ransom payments by requiring organisations to justify their decision to pay. Sadly, victims often mistakenly believe paying ransoms guarantees the safe return of stolen data, but in reality, it doesn’t. This point was proven earlier in the year when law enforcement from 10 countries (including Australia) successfully disrupted the criminal operation of the LockBit ransomware group and uncovered that Lockbit did not routinely delete stolen data once a ransom was paid. In many cases, paying a ransom only perpetuates future attacks, potentially even on critical infrastructure like hospitals or government bodies.

By creating a framework of transparency and accountability, Australia is not just protecting its own digital ecosystem - it's providing a blueprint for global cybersecurity resilience. At Coveware, we are hopeful that Australia will use this first-hand collection of data from the mandatory ransomware reporting scheme to help victims dismiss misleading statistics like those from the report cited in the AFR article. Victims need to be armed with facts to make data-driven decisions moving forward - that will be the next major step in solving the ransomware problem.