Attachment Size
Ransomware action plan 2.67 MB

Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it very attractive and profitable for transnational, organised cybercrime syndicates to target Australians using cyber-enabled tools and techniques. Consistent with global trends, the Australian Cyber Security Centre has continued to observe cybercriminals successfully use ransomware to disrupt operations and cause reputational damage to Australian organisations, and reported a 15% increase in ransomware attacks over the past 12 months.

Ransomware and cyber extortion remains the most serious cybercrime threat facing Australia due to its high financial and disruptive impacts to victims and the wider community. This trend of data theft, encryption, and public shaming reflects an evolution in ransomware tactics to more effectively extort considerable ransoms from victims. Cybercriminals are now regularly exfiltrating data, including customer personally identifiable information (PII), prior to encryption and subsequently threatening to release the stolen information publicly unless the ransom is paid. Victims who would have previously been well prepared for, or able to, recover from a ransomware incident are unlikely to be immune to this tactic known as ‘double extortion’. Organisations are now required to evaluate the cost of ransom payment against the potentially severe legal and reputational consequences of a data breach.

This document outlines the capabilities and powers that Australia will use to combat ransomware, seeks feedback on other regulatory reforms or voluntary incentives needed to promote the cyber security resilience of our digital economy, and provides information on where victims can go for help.​

Publication Details
License type:
Access Rights Type: