Rising Ransomware Threats in Australia and New Zealand
Increasing Vulnerability of Australian Organizations
Australia’s robust economy and impressive per-capita wealth make it an appealing target for ransomware groups, resulting in a considerable surge in attacks this year. In 2025, Australian organizations have faced 71 ransomware incidents, starkly higher than New Zealand’s mere nine. This disparity highlights not just the frequency of incidents in Australia but also the increasing complexity of the threats each country faces.
The Global Ransomware Landscape
While ransomware attacks are notably prevalent in areas like the United States, Canada, and Europe, Australia’s risk becomes even more pronounced when adjusted for population size. To illustrate, Italy has experienced 118 incidents in 2025, ranking fifth globally, despite having a population more than double that of Australia. With Australia sitting 13th globally in GDP, yet 55th in terms of population, its economic strength positions it as a particularly lucrative target for cybercriminals seeking financial gain.
Fragmented Ransomware Landscape
Unlike many regions dominated by a single ransomware group, the Australian and New Zealand ransomware environment is notably diverse. Groups like Qilin, Akira, and INC have each claimed responsibility for eight attacks this year. Other players such as Lynx and Dragonforce are also involved, indicating a fragmented yet active cybersecurity threat landscape.
Targeted Industries
The professional services and healthcare sectors are among the most frequently targeted by ransomware attacks in both Australia and New Zealand. However, various other industries are not spared, with at least eight others encountering three or more incidents in 2025 alone. This widespread targeting shows that no sector is immune to the reach of ransomware groups.
Significant Ransomware Incidents in 2025
Overview of Major Attacks
Several high-profile ransomware incidents have captured headlines in Australia and New Zealand this year, impacting various sectors and leading to significant data breaches:
-
Akira Ransomware Group: This group targeted an Australian company specializing in operational technology and industrial control systems. They claimed to have stolen 10GB of sensitive corporate data, including employee passports, driver’s licenses, medical records, and financial documents.
-
Political Party Breach: In a June 2025 attack, a ransomware group compromised the servers of an Australian political party, accessing sensitive information like email correspondence, personal identity records, and banking details.
-
Dragonforce Group: Known for leaking over 100GB of data from an Australian engineering firm, this group accessed site reports, customer information, and even employee medical records.
-
Arcus Media Incident: This attack involved an Australian IT company focused on flight simulation technology. Although no data samples were released, the attack raised serious concerns about cybersecurity in aviation.
-
VanHelsing Ransomware: This group targeted a medical technology firm specializing in sleep diagnostics, leaking sensitive employee information, including passport scans and financial data.
-
RansomHub Group: This ransomware group claimed to breach an Australian pharmaceutical firm, allegedly stealing 40GB of sensitive data.
-
Additional Breaches: Akira also revealed a breach in an Australian process engineering firm, leading to the theft of 26GB of data, while the Qilin Group breached an Australian steel company, extracting 11GB of financial and internal documents.
- Notable Attacks in Nearby New Zealand: The Play Ransomware Group targeted a SaaS company in New Zealand, seeking confidential client information, while Chaos Ransomware leaked nearly 3GB of data from an instrumentation company.
Understanding the Unique Threat Environment
Australia and New Zealand are navigating a distinct ransomware threat landscape, with a high incidence of attacks concentrated across various sectors. New Zealand’s vulnerability is compounded by its interconnectedness with global supply chains, which amplifies cybersecurity risks.
To effectively mitigate these dangers, organizations must implement strong cybersecurity frameworks. Techniques like zero-trust models, asset segmentation, and continuous monitoring are critical. Advanced platforms, such as Cyble’s AI-native cybersecurity solutions, offer real-time threat intelligence and proactive measures to counteract ransomware attacks.
The situation underscores the pressing need for enhanced cybersecurity measures across all sectors, as the risk of ransomware continues to loom large in Australia and New Zealand.
