Protecting your business against ransomware

Anyone can be the victim of a ransomware attack. It isn’t just a threat to big business. Small and medium enterprises are targets too, and the impacts are just as debilitating.

But it doesn’t have to be bad news. There are simple steps Australian businesses can take to avoid becoming the latest victim of a ransomware attack.

What is ransomware?

Ransomware is a damaging type of malicious software (malware) that allows cybercriminals to steal or lock up data until their victims pay a ransom, often through untraceable cryptocurrencies such as Bitcoin. Imagine you can’t take bookings, email your clients or access your computer – this is what can happen to victims of ransomware attacks.

The online aggressors behind these attacks often work in highly organised criminal syndicates and may also threaten to publicly release stolen data unless the ransom is paid.

How serious is the problem?

Right now, cyber criminals are producing ransomware, making high-end hacking tools more available. This means criminals no longer need to be tech savvy.

More sophisticated cybercrime tools in the hands of more cybercriminals means more potential Australian victims, and the Australian Cyber Security Centre (ACSC) has observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.

How to defend yourself against ransomware

Preparation is the key, and it takes just a few moments. The ACSC has released a prevention guide, Ransomware Attacks Prevention and Protection Guide, with simple and practical advice to follow on how you can improve your cyber security practices.

The ACSC's advice for the best way to protect you and your business includes:

Updating software
Storing current backups offline
Enabling multi-factor authentication
Using unique passphrases

What to do if you're a victim of a ransomware attack

The ACSC has launched a new guide, Ransomware Attacks Emergency Response Guide, for victims of a ransomware attack.

It includes simple steps to follow, such as:

Recording important details
Disconnecting devices
Changing passwords

Should you pay the ransom?

Paying the ransom is always a bad idea, even though surveys show some businesses may be willing to pay large ransoms to regain access to encrypted data.

There are no guarantees cybercriminals will give you back your data, or won’t strike again. No one should put their faith in a cybercriminal.

We urge all Australians to ‘act now, stay secure’ by following the easy-to-follow cyber security advice on cyber.gov.au. The ACSC’s expertise can boost everyone’s cyber defences and offers simple steps to help everyone beat the ransomware scourge.

Businesses and organisations are also encouraged to join the ACSC Partnership program to increase cyber resilience and access timely alerts and advice.

Find out more about keeping your business safe

Business security hub