OpenText report reveals Australia's top ransomware threats

OpenText Cybersecurity has released its "Nastiest Malware of 2024" report, highlighting key ransomware threats impacting Australian infrastructure.

This year's report identifies six predominant ransomware groups affecting Australian organisations, with LockBit, Akira, and RansomHub being particularly prominent. LockBit stands out for its attacks on public sector targets, including a South Australian council. It employs a ransomware-as-a-service model, allowing it to conduct extensive attacks.

Akira has emerged as a critical threat in the healthcare, technology, and finance sectors, employing advanced encryption tactics to disrupt essential services. Meanwhile, RansomHub has recently made headlines for releasing sensitive Australian data on the dark web, significantly risking corporate data and personal privacy.

The increasing sophistication of ransomware tactics presents higher stakes for Australian organisations, particularly in critical sectors. The report emphasises the need for advanced, multi-layered cybersecurity measures, continuous threat monitoring, and regular employee training to address these challenges.

Muhi Majzoub, Executive Vice President and Chief Product Officer at OpenText, commented on this trend: "Ransomware attacks on critical infrastructure are on the rise, and cybercriminals are increasingly using artificial intelligence to develop highly personalised threats, which significantly endangers national security and public safety. However, the increased attention on ransomware and cybersecurity is encouraging, as more organisations are proactively prioritising cybersecurity investments. This commitment highlights their dedication to safeguarding essential services from evolving threats."

The report outlines that LockBit retains its position as the foremost ransomware threat for 2024, continuing to evade extensive crackdowns by law enforcement agencies like the FBI. LockBit has reportedly been involved in 175 attacks on critical infrastructure, indicating its persistent and adaptable nature. The group aims to target one million businesses before ceasing operations.

Akira, notable for its distinctive approach and impactful presence in industries such as healthcare and manufacturing, has quickly climbed the ranks in the ransomware community with its robust encryption techniques and rapid implementation.

RansomHub, believed to have connections to the Black Cat (ALPHV) group, has targeted high-profile entities, including Planned Parenthood, by compromising and threatening to expose sensitive data.

Other significant groups include Dark Angels, who are known for their high-stakes attacks on top-tier targets, achieving ransom payments up to $75 million. Redline Stealer specialises in credential theft, maintaining a persistent threat across numerous sectors. Play Ransomware is recognised for its varied attacks on both public and private sectors, exploiting vulnerabilities such as FortiOS and RDP servers.

As organisations worldwide seek to strengthen cybersecurity measures, investments in this area are projected to increase by 14.3% in 2024, surpassing $215 billion. This reflects a commitment to defending essential services against these increasingly sophisticated threats.