A recent analysis from the 2023 Australian Cybercrime Survey reveals a troubling rise in ransomware attacks. Nearly 5% of respondents reported receiving a ransom demand on their devices over the past year, a significant increase from 2.1% just two years ago.

The survey also highlights that individuals who have been targeted once are often targeted again, especially if they comply with the extortionists’ demands. This pattern is particularly evident among small to medium enterprise (SME) owners.

SME owners appear more susceptible to repeated attacks, with many having previously paid ransoms. Experts emphasize the importance of strong communication to discourage these payments, which can lead to further victimization.

While some cybercriminals use ransomware to target large corporations in what’s known as “big game hunting,” the survey authors point out that most attacks are directed at SMEs, underscoring their vulnerability in the digital landscape.

While some scammers use ransomware – malicious software that encrypts or blocks access to files until a user has paid a ransom – to go “big game hunting” for large companies, the authors noted the majority went after SMEs.

Those in the multibillion-dollar global industry considered them “lucrative targets” due to generally having less sophisticated cybersecurity but enough revenue, data and access to other potential victims to be worthwhile.

Voce and Morgan found that among the 331 victims studied, the amount of money demanded was often relatively small, a mean of about $12,000 for business owners and $7000 for others. The median figure was much lower, less than $500 for almost 60 per cent of victims.

But the researchers stressed how important it was to push out stronger messaging of the government’s advice to never pay a ransom, particularly in light of the “sucker lists” cybercriminals reportedly share among themselves featuring individuals and organisations who have made previous payments.

“Importantly, over 40 per cent of SME owners had paid in response to one of these previous ransom messages, a significantly higher proportion than among other victims,” the report found.

“SME owners were also more likely to have paid following the most recent ransomware incident. 

“This fuels the ransomware business model and can make SME owners appear to be easy to scare and manipulate, increasing their chances of repeat victimisation.”

Business owners (22.6 per cent) were much more likely to have paid the ransom than non-owners (7.6 per cent) but the researchers warned payment was no “guarantee that files and systems will be restored and data will not be sold or shared”.

Scarily, a quarter of ransomware reports to the Australian Cyber Security Centre involved “double extortion”, where victims were also pushed for money to stop their information leaking. 

The report called for better education about how to spot and avoid suspicious links, respond to third-party data breaches and manage personal devices or working from home, as well as help to help victims remove the malware.

But they warned that was not enough, saying “there must also be technological solutions that can help protect business owners”.