January 2025 Australian Ransomware Update

January 2025 Australian Ransomware Update Video
By Tyler W
February 04, 2025

Cyberwise Australian Ransomware Update: January 2025

Hello and welcome to the Cyberwise Australian Ransomware Update for January 2025. This month started with a bang, surpassing November’s record high with a total of 16 confirmed ransomware incidents. Cybercriminals are clearly ramping up their attacks on businesses large and small, and we’re here to give you the most comprehensive, data-driven analysis available.

Below is our monthly roundup, complete with the numbers and trends shaping Australia’s ransomware landscape.


A Surge in Attacks: 16 Confirmed Incidents

In January, we tracked 16 confirmed ransomware attacks spanning healthcare, logistics, community services, construction, and more. Notably:

  • A quarter of them (4 of 16) targeted healthcare providers, reaffirming that medical and personal data remain prime targets.
  • 9 out of these 16 incidents led to stolen data being leaked or partially leaked online—a glaring example of the ‘double extortion’ method many cybercriminals are using.
  • One especially notable event on January 28th resulted in the full release of stolen data almost immediately, highlighting how quickly criminals are willing to expose private information.

Healthcare in the Crosshairs

Healthcare bore the brunt this month: independent medical centres, clinics, and imaging providers faced significant downtime, potentially delaying patient care while also risking the exposure of sensitive patient data. We often see these attacks spread to related suppliers or customers, creating “cluster attacks” within the same industry.


Major Hits on Logistics & Energy

Two high-profile attacks in late January struck a major logistics provider and an energy retailer, both linked to the Clop ransomware group. For at least one victim, Clop has already published the stolen data in full. While we lack official statements on the severity, attacks on large organisations can cause ripple effects in supply chains and often invite follow-on attacks against their suppliers and customers.


No Organisation Is Too Big or Too Small

Smaller nonprofits and professional services weren’t spared, proving that no entity is immune from ransomware assaults. We’ve seen time and again how these groups—often with limited IT resources—can become prime targets.


Top Ransomware Groups This Month

We identified at least nine active ransomware groups in January:

  1. Morpheus
  2. Lynx
  3. Incransom
  4. Moneymessage
  5. Safepay
  6. Spacebears
  7. DragonForce
  8. Clop
  9. Babuk2

Some appear to be rebrands of existing groups, while others are well-known operators continuing their campaigns. Phishing, exploitation of unpatched software, and social engineering remain the most common methods of initial access.

Ransom Payments & Negotiations

  • One Incransom victim’s details disappeared from the group’s leak site—indicating a ransom may have been paid.
  • Clop’s leak site doesn’t list the major energy retailer they reportedly hit, suggesting an ongoing negotiation or potential payment.
  • Multiple victims remain in an active negotiation window, so their stolen data hasn’t been publicly exposed… yet.

Key Trends & Takeaways

  1. Full Data Leaks on the Rise
    In 9 confirmed cases, threat actors posted stolen data online, often containing personally identifiable information (PII) and sensitive corporate documents.

  2. Healthcare Still a Target
    With four confirmed breaches, criminals see healthcare data as both lucrative and, unfortunately, relatively easy to exploit.

  3. Ransom Payment Indicators
    Victim names disappearing from leak sites is a common sign of a successful ransom payment, though not an infallible one. Encouragingly, we’re seeing fewer organisations choose to pay.

  4. Supply Chain & Infrastructure
    Clop’s hits on logistics and energy underscore a focus on high-value operations where disruptions can cascade. This, combined with Ransomware as a Service (RaaS), means no sector is off-limits.
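The payment indicators above (a victim disappearing from a leak site, a victim never being listed during a negotiation window, a partial leak escalating to a full one) come from comparing leak-site snapshots over time. The script below is an added example of that comparison, written for this update and not Cyberwise’s own tooling: it diffs two snapshots of a victim list, matches entries despite cosmetic name changes, and tags each removal with why it is or isn’t a plausible payment signal. The victim names, dates and the 31 January “as of” date are constructed placeholders, not real victims.

```python
"""Diff two leak-site snapshots to surface payment and escalation signals.

Added example, not Cyberwise code. All victims and dates below are
constructed sample data (placeholders), not real incidents.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Observed state of a victim entry on a leak site.
LISTED, PARTIAL, FULL = "listed", "partial_leak", "full_leak"
_RANK = {LISTED: 0, PARTIAL: 1, FULL: 2}  # ordering used to detect escalation

# How a practitioner should read each removal reason (interpretation, not proof).
INTERPRETATION = {
    "before_deadline": "removed before its countdown expired: possible payment or "
                       "ongoing negotiation, not confirmation of either",
    "after_deadline": "removed after its countdown expired: late payment, "
                      "re-listing elsewhere, or site housekeeping are all possible",
    "after_full_leak": "removed after the full leak: housekeeping, not a payment signal",
}


@dataclass(frozen=True)
class Entry:
    victim: str                 # organisation name as shown on the site
    status: str                 # LISTED / PARTIAL / FULL
    deadline: Optional[date]    # countdown or negotiation deadline, if shown


def normalise(name: str) -> str:
    """Match key for one victim across snapshots despite case, punctuation
    and company-suffix differences (e.g. 'Sample Logistics Ltd' vs 'SAMPLE LOGISTICS')."""
    key = re.sub(r"[^a-z0-9 ]", "", name.lower())
    key = re.sub(r"\b(pty|ltd|limited|inc)\b", "", key)
    return " ".join(key.split())


def diff_snapshots(previous: List[Entry], current: List[Entry], as_of: date
                   ) -> List[Tuple[str, str, str]]:
    """Return (event, victim, detail) tuples.

    event is 'new_listing', 'escalation' or 'removed'; for removals, detail is a
    key into INTERPRETATION so the reason is explicit rather than free text.
    """
    prev = {normalise(e.victim): e for e in previous}
    curr = {normalise(e.victim): e for e in current}
    events: List[Tuple[str, str, str]] = []

    for key, entry in curr.items():
        if key not in prev:
            events.append(("new_listing", entry.victim, entry.status))
        elif _RANK[entry.status] > _RANK[prev[key].status]:
            events.append(("escalation", entry.victim,
                           f"{prev[key].status}->{entry.status}"))

    for key, old in prev.items():
        if key in curr:
            continue
        if old.status == FULL:
            reason = "after_full_leak"
        elif old.deadline is not None and old.deadline > as_of:
            reason = "before_deadline"
        else:
            reason = "after_deadline"
        events.append(("removed", old.victim, reason))
    return events


# Constructed sample snapshots (placeholder names, not real victims).
SNAPSHOT_20_JAN = [
    Entry("Example Imaging Pty Ltd", LISTED, date(2025, 1, 25)),
    Entry("Sample Logistics Ltd", PARTIAL, None),
    Entry("Placeholder Clinic", LISTED, date(2025, 2, 5)),
    Entry("Demo Construction Inc", FULL, None),
]
SNAPSHOT_31_JAN = [
    Entry("Sample Logistics", FULL, None),            # partial leak became a full leak
    Entry("New Community Services", LISTED, date(2025, 2, 10)),
]
AS_OF = date(2025, 1, 31)


def run_demo() -> List[Tuple[str, str, str]]:
    """Diff the two constructed snapshots as of 31 January."""
    return diff_snapshots(SNAPSHOT_20_JAN, SNAPSHOT_31_JAN, AS_OF)


if __name__ == "__main__":
    for event, victim, detail in run_demo():
        note = INTERPRETATION.get(detail, detail)
        print(f"{event:12} {victim:28} {note}")
```

The deadline check matters: a victim that vanishes while its countdown is still running is the case the update treats as a possible payment, whereas a name dropped after the full dump is posted tells you nothing about payment. Treat every reason as a lead to corroborate (victim statement, regulator notification, re-listing by another group), never as confirmation on its own.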


Protecting Your Organisation

While no single defense is foolproof, these four essential measures can help you reduce risk:

  1. Employee Training

    • Phishing remains a top threat. Regularly train staff to recognise and report suspicious emails.
  2. Regular Updates & Patches

    • Proactively fix known vulnerabilities, limiting the “open doors” attackers can exploit.
  3. Offline Backups

    • Adopt the 3-2-1 backup rule (3 copies of your data, on 2 different types of media, with 1 copy offsite) and keep at least one copy offline or immutable so that ransomware which encrypts production systems cannot reach it too. Test restores regularly; an untested backup is not a recovery plan.
  4. Segmentation & Access Controls

    • Limit lateral movement. A least privilege access mindset can significantly contain an intrusion if attackers breach one part of your network.

Even if attackers manage to steal data, these measures help organisations respond faster and mitigate the overall damage.


Wrapping Up January 2025

That’s the latest on Australia’s ransomware landscape for January 2025. We’ll continue to track evolving threats, monitor leak sites, and report on the fallout from these attacks. If you found this information valuable, please like, share, and subscribe for more insights.

Until then, stay vigilant—and stay Cyberwise.

