Ransomware Defence & Protection

Ransomware Protection for Australian and New Zealand Organisations

Ransomware is the most disruptive cybercrime threat facing organisations across Australia and New Zealand today. Insicon Cyber provides the expert advisory, continuous monitoring, and rapid incident response your organisation needs before, during, and after an attack.

What is ransomware and how does it affect Australian and New Zealand organisations?

Ransomware is malicious software that encrypts an organisation's files and data, rendering systems inoperable until a ransom is paid. Modern ransomware attacks also exfiltrate sensitive data before encryption, giving attackers a second lever: threatening to publish stolen information publicly if the ransom is not paid.

The Australian Signals Directorate (ASD) responded to 138 ransomware incidents in FY2024-25, making ransomware the single most disruptive cybercrime threat to Australian organisations. Across the Tasman, New Zealand's National Cyber Security Centre (NCSC) recorded 88 ransomware reports in 2024/25, up from 63 the year before. The average cost of cybercrime for Australian businesses rose 50 per cent to $80,850, with large businesses reporting an average cost of $202,700, up 219 per cent.

Ransomware attacks cause operational shutdowns, regulatory breaches, reputational damage, and direct financial loss. With the Cyber Security Act 2024 now in force in Australia, organisations with annual turnovers above $3 million must also report ransomware payments to the Australian Government within 72 hours.

The ANZ Ransomware Threat Landscape

The numbers from Australia and New Zealand's own government agencies tell the story. Ransomware is accelerating. Attacks are more sophisticated. And the consequences are becoming far more severe.

  • 138: Ransomware incidents responded to by ASD's ACSC in FY2024-25 (ASD Annual Cyber Threat Report 2024-25)
  • $202,700: Average cybercrime cost for large Australian businesses, up 219% (ASD Annual Cyber Threat Report 2024-25)
  • 88: Ransomware reports to NZ's NCSC in 2024/25, up 40% year-on-year (NCSC Cyber Threat Report 2025)
  • 53%: of NZ small-to-medium enterprises experienced a cyber threat in the first half of 2025 (NCSC Cyber Threat Report 2025)

Recent ransomware incidents affecting Australia and New Zealand

  • MediSecure (Australia, 2024) — Ransomware actors encrypted a database holding sensitive health data. Over 12 million transactional records across four years were breached, affecting millions of Australians.
  • NZ health sector organisation (2025) — Many servers and endpoint devices were encrypted. A large volume of data was stolen. The NCSC determined a lack of multi-factor authentication (MFA) on a key service enabled initial access. The organisation recovered because it had completed system backups one hour prior to the attack.
  • NZ agriculture producer (2024/25) — IT infrastructure infected with ransomware, halting production entirely and causing significant operational disruption.
  • BianLian ransomware group — Actively targeting Australian critical infrastructure, professional services, and property development organisations. Sanctioned by ASD in collaboration with the FBI and CISA.

Australian organisations now have mandatory ransomware reporting obligations

The Australian Government introduced a mandatory ransomware reporting regime on 30 May 2025 under the Cyber Security Act 2024. If your organisation has an annual turnover above $3 million, or is responsible for critical infrastructure, you are required to notify the Australian Government when a ransomware payment is made.

This regime is separate from your obligations under the Privacy Act 1988 (notifiable data breaches) and APRA CPS 234 (for regulated financial institutions). In New Zealand, similar notification obligations apply under the Privacy Act 2020. Failing to meet these obligations compounds the regulatory and reputational consequences of an attack.

Insicon Cyber can prepare your organisation for these obligations before an incident occurs. Our Fractional CISO and Managed Compliance services help you understand your reporting framework, establish breach response procedures, and ensure your leadership team is ready to act within regulatory timeframes.

How ransomware attacks unfold

Modern ransomware follows a predictable sequence. Every stage is an opportunity for early detection and disruption.

Stage 1: Initial Access

Phishing emails, exposed remote services, or stolen credentials. In ASD data, compromised credentials and external remote services are the most common entry points in ransomware incidents.

Stage 2: Lateral Movement

Attackers move quietly through your network, harvesting credentials and mapping systems. This phase can last days or weeks before encryption begins.

Stage 3: Data Exfiltration

Sensitive data is stolen before encryption. Most significant ransomware incidents handled by New Zealand's NCSC in 2024/25 involved confirmed or suspected data exfiltration.

Stage 4: Encryption and Extortion

Files and systems are encrypted. Ransomware-as-a-Service (RaaS) models mean attackers now include professional negotiators. Backups are often deleted first.

Stage 5: Regulatory and Reputational Fallout

Mandatory reporting obligations activate. Privacy regulator notification may be required. Customers, partners, and the media are informed. Recovery costs accumulate over weeks and months.

How Insicon Cyber protects your organisation against ransomware

Ransomware defence is not a single product. It requires strategy, continuous monitoring, and a proven response capability. Insicon Cyber delivers all three, for organisations across Australia and New Zealand.

Ransomware Readiness Assessment

A structured assessment of your organisation's exposure to ransomware attack vectors, mapped to the ASD Essential Eight. We identify critical gaps in backup integrity, access controls, patching cadence, and incident response capability before attackers find them.

Recommended for boards, CEOs, and CFOs seeking independent assurance of their ransomware posture.

Essential Eight Advisory

The ASD Essential Eight is Australia's benchmark for ransomware defence. Insicon Cyber guides organisations through maturity assessment and uplift across all eight strategies: application control, patching applications, macro restriction, user application hardening, restricted admin privileges, MFA, regular backups, and patching operating systems.

Applicable for Australian organisations. New Zealand organisations are supported under NZISM equivalents.

Adaptive SOC (aSOC) — 24/7 Threat Detection

Our adaptive SOC is built and operated from North Sydney with Australian data sovereignty. Ransomware attackers often dwell inside networks for days or weeks before encrypting data. Our aSOC detects the early indicators of compromise and responds before the attack reaches its destructive phase.

24/7 monitoring. Australian data residency. Trans-Tasman coverage.

Fractional CISO and Board Advisory

Most mid-market organisations lack a full-time CISO, yet boards face increasing accountability for cyber resilience under APRA CPS 230 and CPS 234, the Privacy Act, and the Cyber Security Act 2024. Our CISO-as-a-Service provides the senior leadership your board needs without the overhead of a permanent executive hire.

Board-ready reporting. Regulatory alignment. Direct access to senior expertise.

Ransomware Incident Response

If your organisation has been hit, or you suspect you are under attack right now, Insicon Cyber provides structured incident response. We help contain the breach, preserve evidence, meet mandatory reporting obligations, and begin the recovery process. We also conduct post-incident reviews to understand root cause and prevent recurrence.

Immediate support for organisations across Australia and New Zealand. Contact: info@insiconcyber.com

Managed Compliance

We help your organisation build and maintain the compliance posture required by the Cyber Security Act 2024, APRA CPS 234, the Privacy Act 1988, New Zealand's Privacy Act 2020, and NZISM. This includes establishing your ransomware payment reporting procedures before you need them.

ISO 27001, Essential Eight, NZISM. Trans-Tasman coverage as standard.

How the Essential Eight protects against ransomware

The ASD Essential Eight is the Australian Government's recommended baseline for organisations seeking to protect against ransomware and other cyber threats. It comprises eight mitigation strategies that, when implemented at an appropriate maturity level, significantly reduce an organisation's likelihood of suffering a successful ransomware attack.

The strategies most directly relevant to ransomware defence are:

Regular Backups

Tested, isolated backups are your primary recovery mechanism. Attackers specifically target and delete backups before encrypting production data.

Multi-Factor Authentication

The NZ health sector incident confirmed it: a lack of MFA on one service was all it took to enable initial access. MFA is non-negotiable on all remote services and privileged accounts.

Restrict Administrative Privileges

Limiting admin access limits the blast radius of a breach. If attackers cannot elevate privileges, they cannot spread ransomware across the environment.

Patch Applications and Operating Systems

Exploiting unpatched systems is a primary initial access technique. Timely patching closes the window before attackers can use publicly known vulnerabilities.

Application Control

Preventing unapproved applications from executing blocks ransomware payloads from running even if an attacker achieves initial access.

Restrict Microsoft Office Macros

Malicious macros embedded in Office documents remain a common ransomware delivery mechanism, particularly in phishing campaigns targeting Australian and New Zealand businesses.

Insicon Cyber provides end-to-end Essential Eight advisory, from initial maturity assessment through to uplift implementation and ongoing managed compliance. For New Zealand organisations, we align equivalent controls to the New Zealand Information Security Manual (NZISM).

We work with organisations across Australia and New Zealand where ransomware impact is highest

Healthcare and Aged Care

High-value patient data. Aged Care Act 2024 obligations. Regulatory and reputational exposure.

Financial Services

APRA CPS 230 and CPS 234. Mandatory breach notification. Business continuity obligations.

Professional Services

Sensitive client data. Targeted by BianLian and similar groups for high-value intellectual property.

Critical Infrastructure

SOCI Act obligations. Energy, transport, water, and logistics sectors under active targeting.

Mid-Market Businesses

No dedicated CISO. $3M+ turnover reporting obligations. Disproportionate exposure relative to internal capability.

Frequently asked questions about ransomware protection in Australia and New Zealand

Do Australian businesses have to report a ransomware attack?

Yes, in certain circumstances. Australia's Cyber Security Act 2024 introduced a mandatory ransomware reporting regime commencing 30 May 2025. Organisations with annual turnovers above $3 million, and entities responsible for critical infrastructure, must notify the Australian Government when a ransomware payment is made. Separately, if personal information is compromised, a notifiable data breach report may also be required under the Privacy Act 1988. APRA-regulated organisations face additional obligations under CPS 234.

What should my organisation do right now to protect against ransomware?

The ASD recommends implementing the Essential Eight as the primary baseline. The three most critical steps for ransomware defence are: (1) ensure you have tested, isolated, and regularly verified backups that cannot be deleted by attackers; (2) implement MFA across all remote access services and privileged accounts; and (3) maintain a current patching programme for all applications and operating systems. Beyond these technical controls, your board should understand the organisation's ransomware posture and your leadership team should have a practised incident response plan.

What should we do if our organisation is hit by ransomware?

Do not pay the ransom without taking legal and cybersecurity advice first. Immediately isolate affected systems to prevent further spread. Preserve system logs and forensic evidence. Contact a specialist cybersecurity incident response provider. In Australia, report to the ASD via ReportCyber at cyber.gov.au. In New Zealand, report to CERT NZ at cert.govt.nz. If a ransom payment is made and your organisation meets the reporting threshold, you must notify the Australian Government within 72 hours under the Cyber Security Act 2024. Insicon Cyber can support your organisation through each of these steps.

Should we pay the ransom?

Payment is generally not recommended. New Zealand's NCSC notes that many organisations that pay a ransom do not recover their data or regain access to their systems, and sometimes face further extortion demands. Paying also signals that your organisation is willing to pay, potentially making you a future target. The Australian Government and the ASD strongly discourage ransom payments. The focus should be on containment, recovery from backups, and working with incident response specialists. If payment is being considered, seek independent legal and cybersecurity advice before proceeding.

What makes Insicon Cyber different from other cybersecurity companies in Australia?

Insicon Cyber is a trans-Tasman cybersecurity advisory and managed services firm headquartered in North Sydney. We provide strategic board-level advisory and operational 24/7 security monitoring under one roof, eliminating the gap between strategy and execution that leaves many organisations exposed. We operate as Fractional CISOs, giving mid-market organisations direct access to senior expertise. Our Adaptive SOC (aSOC) provides 24/7 threat detection with Australian data sovereignty. We hold ISO 27001 certification.

Are small and medium businesses at risk from ransomware in Australia and New Zealand?

Yes. New Zealand's NCSC reported that 53 per cent of New Zealand SMEs experienced a cyber threat in the first half of 2025 alone, a significant increase from 36 per cent in 2024. The Ransomware-as-a-Service (RaaS) model has dramatically lowered the technical barrier for attackers, meaning smaller organisations are now targeted at scale using automated vulnerability scanning. The average cost of cybercrime for Australian businesses reached $80,850 in FY2024-25. Many mid-market organisations lack a dedicated CISO or security operations capability. Insicon Cyber's Fractional CISO and aSOC services are specifically designed for organisations in this position.

Why organisations across Australia and New Zealand trust Insicon Cyber

ISO 27001 Certified

We hold the same certifications we help clients achieve.

Google Cloud Partner

aSOC powered by Google SecOps. Australian data residency.

Benchmark Security Award

Winner, Retail Cyber Security Partner of the Year 2025 (iTnews).

Australian Cyber Awards Finalist

Cyber Consulting Business of the Year (SME) and CISO of the Year 2026.

Trans-Tasman Coverage

Headquartered in North Sydney. Serving clients across Australia and New Zealand.

Find out how exposed your organisation really is

Our Ransomware Readiness Assessment gives your board and leadership team an honest, evidence-based view of your current exposure, mapped to the ASD Essential Eight. No jargon. No vendor push. Just clear advice from senior practitioners who have seen these attacks up close.

North Sydney, NSW, Australia  |  info@insiconcyber.com  |  insiconcyber.com