Australian Ransomware Update - 5th November 2024

This week we witnessed three identified attacks, from three different groups, with one attack being attributed to each ThreeAM, Sarcoma and Abyss, who attacked a not for profit organisation with significant data set to be exposed. Other evidence proofs on other attacks include MYOB financial records and a fringe benefits tax return. There are still negotiation times set for these attacks, and we will continue to monitor.

With several negotiation periods set to lapse over this past week it does appear that Sarcoma were successful in obtaining ransom from two Australian business victims, with their data being removed. Paying ransom is never advised, and just further facilitates these attacks, and often results in a secondary attack at a later date. It is disappointing to see these ransoms being paid. Conversely, for one of the victims who did not pay the ransom, the entirety of their exfiltrated data has been leaked for public acquisition, which is terrible news. You can see how victims are genuinely in a Catch 22 situation, after a ransomware attack.

In October 2024 we observed 10 ransomware attacks, which is up from the 9 we observed in September 2024. These statistics are just Australian businesses and does not include the individuals that are attacked on a daily basis, or those that will suffer on a personal level from these business attacks.

Ensuring sound protection on our information is absolutely critical and so lets make sure we do not become one of these statistics, and once again, we really do discourage paying the ransom.

We will continue to monitor the ransomware landscape for Australian enterprises and report our findings back to you so we can all improve our opsec.