Ransomware Payments in Australia Plummet Yearly, Report Reveals

Australian Ransomware Payments Experience Dramatic Decline

Decrease in Ransom Payments

Recent findings reveal a substantial drop in the number of Australian organizations paying ransoms following ransomware attacks. According to Sophos’ sixth annual State of Ransomware report, the percentage of affected entities that opted to pay a ransom has fallen from 66% in 2024 to just 41% this year. This decline suggests a growing awareness and resistance among businesses against complying with demands from cybercriminals.

Insights from the Sophos Report

The report, which surveyed over 3,400 IT leaders across 17 countries, including 200 from Australia, sheds light on a positive trend in the cybersecurity landscape. One encouraging statistic is the decline in the median ransom payment, which has decreased to approximately US$217,000. This figure is significantly lower than the initial demands, indicating that more organizations are successfully negotiating down the amounts they pay.

Lower Recovery Costs

In addition to reduced ransom payments, recovery costs for ransomware victims have also seen a notable decline. In 2024, Australian organizations incurred recovery expenses amounting to US$2.37 million, but this cost has drastically dropped to US$650,000 in 2025. What’s more, the speed of recovery has improved; 47% of those affected were able to resume operations within a week, a marked contrast to last year’s 13% who took up to six months.

Proactive Strategies and Growing Awareness

Chester Wisniewski, director and field CISO at Sophos, emphasizes that in 2025, many organizations view the threat of ransomware as part of regular business risks. Increased awareness has prompted companies to invest in resources aimed at minimizing damage. Part of this strategy involves hiring incident responders, who not only help in negotiating lower ransom payments but also enhance recovery speed and can even halt ongoing attacks.

Challenges in Data Backup Practices

Despite these promising statistics, there are areas of concern. The usage of backups has seen a decline, with only 67% of organizations using backup systems to restore data, down from 72% in the previous year. This trend poses a substantial risk, as effective backup practices are crucial in mitigating the damages from ransomware attacks.

Common Vulnerabilities and Attack Vectors

The report highlights that commonly exploited vulnerabilities remain a primary access point for attacks, accounting for 47% of incidents. Phishing remains a critical threat as well, with 24% of victims falling prey to these schemes, and 21% of attacks utilizing compromised credentials.

Addressing Root Causes

Wisniewski advocates for tackling the fundamental issues behind ransomware incidents. Addressing exploited vulnerabilities, enhancing visibility over the attack surface, and allocating sufficient resources are crucial steps toward more effective prevention. As organizations recognize their need for assistance, many are turning to managed detection and response (MDR) services for enhanced protection.

The Call for a Ban on Ransom Payments

With declining payments and ransom amounts, Aaron Bugal, another field CISO at Sophos, argues that Australia should consider a complete ban on ransom payments, following the UK’s lead. He points out that paying ransoms perpetuates cybercrime and increases the chances of repeat attacks.

Share Your Experience

If your organization has been affected by a ransomware attack, the community is interested in hearing your story. Engaging with others who have faced similar challenges can provide valuable insights and foster a supportive environment in the ever-evolving landscape of cybersecurity.

Conclusion

As Australia grapples with the realities of ransomware, the trends outlined in the Sophos report suggest that the tide may be turning. With decreased payment rates, lower recovery costs, and heightened awareness of cybersecurity practices, organizations are beginning to adapt to the challenges posed by cyber threats.
