Ransomware on the rise leaves business on the backfoot

Building a ransomware resilient Australia

Ransomware Readiness
  • December 17, 2020

After years of increasing cyberattacks of all kinds, the rise of ransomware has changed the threat landscape for Australian businesses.

This shift in cyber tactics parallels our increasing reliance on technology as well as the introduction of new vulnerabilities into our IT environments and processes as a result of remote work. It also coincides with growing regulatory expectations that raise the stakes around businesses’ cyber defenses and data breaches.

We are at a critical juncture. It’s not just that there are more ransomware attacks – many more than appear in the media. Driven by huge financial incentives, the nature of these attacks has evolved to become much more sophisticated, with the potential to steal sensitive data and cripple systems and reputations. 

While crisis fatigue pervades, this is not a time to let down our guard. The cyber threat posed by ransomware can be as significant as the COVID-19 pandemic in its capacity to close down core functions across Government and business.

The cost of cyberattacks

$29bn

How much cyberattacks are costing Australian businesses and households, according to the government.

61%

The proportion of data breaches reported to the Office of the Australian Information Commissioner in the first six months of 2020 which were due to a malicious or criminal attack.

$1.25m

The average ransomware payment made in Australia.

61%

Proportion of organisations who say ransomware breaches are likely (PwC Digital Trust Survey).

What is ransomware and how does it work?

Ransomware is nothing new: the first attack took place in 1989. But it is evolving. Ransomware uses malicious software (‘malware’) to deny access to files or computer systems until a ransom is paid. Attacks most commonly begin with a victim visiting an unsafe or suspicious website, opening emails or files from someone they don’t know, or clicking on malicious links in emails or social media. Once the attackers have access to your systems, they work to identify and isolate critical organisational information such as financial information and customer records. Then they remove it, encrypt it, and demand payment – often in cryptocurrency – for its return.

The burgeoning business of ransomware-as-a-service

Cyber criminals are becoming more agile and sophisticated in their approach. Hackers can now license ransomware from its developers, often in return for a share of the ransom they extract from their victim. This ‘as-a-service’ model has helped attacks to proliferate.

A ransomware-as-a-service known as ‘Netwalker’ has been used to prioritise more sophisticated and targeted attacks, with major data centre companies and universities reported to be among its more high-profile victims [1]. In just five months, affiliates using the technology are alleged to have criminally obtained US$25 million in ransoms.

Data blackmail and the Dark Web

Ransomware threat actors have changed tactics in 2020 to begin stealing sensitive data during attacks. They then use this stolen data to blackmail companies with the threat that it will be leaked or sold on the dark web, significantly adding to the potential operational and reputational consequences for organisations. 

Cryptocurrency enables impunity

The rise of bitcoin and other cryptocurrencies which operate outside of the mainstream, regulated financial sector has made it easier for cyber criminals to operate with anonymity and impunity. Ransoms can be paid and financial transfers between criminal groups made in a way that is significantly harder for authorities to detect and track.


The number of executives who say they plan to put cybersecurity at the heart of every business decision doubled this year. Yet there’s more work to be done. 

Too often ransomware and related cyber threats are viewed only as a technology challenge - and therefore something to be solved through technical fixes. IT plays a critical role, both in terms of identifying system vulnerabilities and securing them. But focusing on technology alone will not deliver robust resilience, including the ability to react rapidly if the worst happens. 

Readiness and recovery plans must take account of technical, operational, legal, regulatory, insurance, reputational, and revenue implications.

Industry Spotlight

Preparing the Australian health sector for ransomware attacks

Australia’s healthcare sector is one of the key pieces of national critical infrastructure that is most susceptible to cybersecurity incidents, including ransomware attacks. Learn what healthcare leaders can do to protect it now and into the future.

Taking effective steps towards ransomware readiness

PwC’s approach to improving ransomware readiness is a result of on-the-ground experience of our internationally recognised cybersecurity specialists. We’ve led major organisations, in Australia and worldwide, through serious ransomware attacks and back to safety. 

But to protect trust, and your business, you must first be resilient. The Ransomware Readiness Assessment, created here in Australia by our Cybersecurity and Digital Trust team, results in practical recommendations and actions to remediate technical weaknesses and reduce vulnerability to ransomware. These span the value chain of process, people, operations, suppliers and technology.

Our Ransomware Readiness Assessment has been built through deep technical and industry expertise including threat insights and in-depth analysis from our Threat Intelligence team, which monitors threat actors worldwide in real time. The whole-of-business lens ensures critical information is presented in a way that can be understood and applied from the boardroom to the IT team.

Inside a Ransomware Readiness Assessment

Ransomware Readiness is about checking your organisation’s ability to:

Defend against ransomware actor techniques: Have you strengthened the systems in your network that are likely to be targeted? Have you made it harder for ransomware to spread? Are you regularly checking for vulnerabilities as your business and ransomware techniques change?

Detect ransomware threats: Are you capturing the right information? Can you detect activity generated in your system by a ransomware threat actor? Are you acting on alerts?

Respond if the worst occurs: How prepared are you to respond if a ransomware attack cripples your system? Are you across the legal and regulatory responsibilities you would have to meet? Are you aware of what needs to be done in order to meet insurance obligations?

Recover rapidly: Do you know where your assets are? Do you know what data is held on your systems? Can you restore them quickly?


1 https://www.crn.com.au/news/equinix-breach-7-things-to-know-about-netwalker-ransomware-attacks-553216

Contact us

Andrew Gordon

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 402 892 184

David Stocks

Director, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 421 953 642