15 hours ago
Derailing ransomware - today's great train robbery
It wasn't too long ago that the criminal enterprise of choice would see thieves jump aboard a moving train, navigate the carriages, neutralise the guards, get through locked doors, and ransack the locomotive of its valuable jewels and gold. In 2025, there is a similar motive at play, but the heists have shifted from the Wild West to the World Wide Web.
Cyberattacks are today's great train robberies and they're increasingly common. Recent research from Rubrik Zero Labs found 92 per cent of Australian organisations experienced a cyberattack last year, and the attackers are only growing more sophisticated.
Ransomware is one of the most common types of cyberattacks, comprising 20 per cent of all attacks, and those behind them do not discriminate. According to the same Rubrik Zero Labs research, attackers have evolved, with 78 per cent of Australian victims reporting the threat actors were able to at least partially harm backup and recovery options. In more than a third (35 per cent) of cases, the attackers were completely successful.
Why are attackers targeting backups? If they can successfully compromise these critical data copies, the victim's ability to recover data under their own steam will be severely impacted. The thinking is, if they can take these down, then the victim will be forced to pay the ransom.
And it's working.
Rubrik Labs Research also found that of the Australian firms hit with a ransomware attack last year, more than 90 per cent paid the ransom to recover their data.
While paying an attacker may allow a business to recover its data or stop a threat, it also supports the cybercrime business model. If a ransomware attack works once, what's going to stop it working again, and again, and again? Paying a ransom just fuels the fire.
These payments may have previously gone unreported; however, late last month the federal government introduced mandatory ransomware payment reporting requirements. This could change the calculus for local organisations as they seek to avoid the reputational risk of payments going public.
Unfortunately, despite best efforts, there is no silver bullet to protect against every single cyberattack. You can't prevent the unpreventable. So the only thing that matters is how quickly you can recover.
There are many reasons why the frequency of cyberattacks, like ransomware, is increasing. These include the rising use of AI by cybercriminals, more sophistication of attacks, significant financial incentives, uneasy geopolitical climates, digitisation of organisations, and the shortage of cybersecurity professionals.
With this in mind, by adopting a preemptive recovery posture - one that recognises a motivated attack will eventually be successful - organisations can take the initiative and recover faster than attackers can adapt.
So, it is imperative to be prepared with a recovery plan. To prepare for the worst. To adopt an "assumed breach" mindset.
In short, cyber resilience strategies reduce the severity of ransomware threats. Even if an organisation's systems are breached and held to ransom, secure backups ensure the business can quickly assess the scale of the breach, understand the scope of the compromise, and rapidly recover operations - all without paying a ransom.
This will lead to a decline in Australian businesses paying out ransoms and perpetuating the cybercrime business model. If the nation is no longer seen as a soft target, if robbers never come away with any loot, they'll shift their attention elsewhere - or better yet, leave the looting life behind.
Just like trains in the Wild West, businesses need multiple defences. Even if the thieves make it onto the train, past the guard and get through the locked door, it's not like valuables are out in the open waiting to be taken. They're in safes, requiring different keys and combinations to open. Cyber resilience strategies are an organisation's impenetrable safe - ensuring the crown jewels and critical backups needed to keep the train in motion are out of an attacker's reach.