Ahead of Home Affairs Minister Karen Andrews finalising further action to combat ransomware threats and support for businesses, new CyberCX data reveals NSW (38 per cent) and Queensland (32 per cent) were the hardest hit states by ransomware incidents this year.

In a ransomware and cyber extortion guide released on Wednesday, the cyber security firm said “cyber criminals can scale extortion demands to the size of the victim”. CyberCX says extortion demands they have seen this year ranged from $55m to $7000.

CyberCX chief strategy officer Alastair MacGibbon, a former Australian Cyber Security Centre head, called for more resources and action in deploying Australian Police Force personnel offshore to disrupt cyber actors and “go after criminal groups”.

“To me it’s the same as any international drug work. It’s not easy but the AFP has been disproportionately successful on a per capita basis than a lot of countries by taking a classic organised crime investigations approach. I believe that same approach would have strong effect against the criminal groups that are causing harm in our community and others,” he said.

Mr MacGibbon said working with police in overseas jurisdictions and arresting cyber-criminal gang members would give “some sense that there is a price to pay for this and helps disincentivise criminals from attacking certain countries”.

As governments and bigger companies ramp-up cyber defences, CyberCX warned of “a renewed focus on smaller targets” with some criminal cyber outfits lacking the “technical sophistication or risk appetite to target big organisations”. The CyberCX report said “the impact and frequency of all forms of cyber extortion has increased in 2021 (and) all Australian and New Zealand organisations are at risk”.

“Data theft extortion is an increasingly popular crime, both on its own and together with ransomware. In the next 12 months, it may outstrip ransomware as criminals’ preferred method of cyber extortion,” the report said.

Mr MacGibbon said there had been a major shift this year to data exfiltration because criminal gangs knew “they will make a lot more money threatening the release of sensitive information over locking computers”.

Wholesale and retail businesses were hardest hit by cyber extortion in Australia and New Zealand this year, followed by the financial and professional services, engineering, manufacturing and construction and health and aged-care sectors.

Mr MacGibbon warned the business models of criminal groups were evolving and it was imperative those targeted by cyber attacks should not be “victimised”.

“I would like to see us do a lot more to make this environment less permissive to criminals and that means we need to do more to increase the risk to the criminal class and to nation states who are doing us harm,” he said.

More related stories

Commentary

History shows Libs and Nats are better together

Until the Sussan Ley-led Liberal Party and the David Littleproud-led Nationals attempted a kiss-and-makeup pause, both parties were heading for a lose-lose outcome.

Read more

Inquirer

Guess which legal drama grabbed the nation’s attention …

While none of the live-streamed real-life legal battles in the Federal Court of Australia are as outlandish as Boston Legal, not everyone loves this new media development.

Read more