Ransomware - how to protect your business

The ACSC Annual Cyber Threat Report 2020-21 outlines the key threats and trends facing Australian individuals and businesses.

One of the key dangers identified is the use of Ransomware by cyber criminals and this continues to pose one of the most significant risks to Australian businesses.

Ransomware has become even more sophisticated as Australians have had to move much of their lives online over the last 18 months.

Understanding Ransomware


Ransomware is a type of malicious software that certainly lives up to its name. When ransomware gets into your device, it makes your computer or its files unusable, until you pay a ransom.

Ransomware is a type of malware, but it is not a new threat. The first known incident occurred in 1989 and it is the fastest evolving threat to government and business today.

Leaders in the Australian and United Kingdom intelligence communities have identified ransomware as the most significant current threat to our cyber security landscape.

How it works


Ransomware can infect your devices in the same way as other malware or a virus. For example:

  • visiting unsafe or suspicious websites
  • opening emails or files from unknown sources
  • clicking on malicious links in emails or on social media
  • unsecure settings on a public server like weak passwords.

Once activated, ransomware will attempt to encrypt your files.

What can you do


Defence invests in cyber security outcomes through the Defence Industry Security Program (DISP) and promotes key security controls aligned to the ACSC.

DISP members can prevent the likelihood of an attack by using the cyber-security controls and procedures found in DSPF DISP Control 16.1 and the Australian Government Information Security Manual.

Ransomware has evolved in the last 18 months


The ACSC Annual Cyber Threat Report noted an almost 15% increase on the previous financial year in ransomware-related cybercrime, with almost 500 reports received.

Cybercriminals have started:

  • moving towards extracting heftier ransoms from large or high-profile organisation
  • encrypting networks and also exfiltrating data, then threatening to publish stolen information on the internet – all to increase the likelihood of ransoms being paid.

These shifts in targeting and tactics have intensified the ransomware threat to Australian organisations across all sectors, including critical infrastructure.

Understanding data exfiltration


Data exfiltration is any unauthorised movement of data. It is also known as data exfil, data exportation, data extrusion, data leakage and data theft.

Whether information is stolen with a printer or a thumb drive, data exfil is a very real threat for businesses.

If you’ve been compromised


If the unthinkable happens, Defence and the ACSC have laid out the following steps:

Subscribe to the free Defence Industry and Innovation newsletter to keep up to date with all the latest news and events.