Ransomware attacks in Australia soar by 110%, says Zscaler report
Zscaler has reported a significant increase in ransomware attacks, with a sharp rise particularly observed in Australia across several critical sectors.
The Zscaler ThreatLabz 2025 Ransomware Report revealed that ransomware attacks blocked by the Zscaler cloud increased by 146% globally over the past year, marking the steepest rise in recent years. The report also identified a 70% increase in public extortion cases and a 92% surge in data exfiltration volumes during the same period. The United States remains the leading target for ransomware, while Australia ranks eighth globally and second within the Asia-Pacific region, with incidents in Australia up by 110% year-over-year.
According to the report, the manufacturing, healthcare, and government sectors in Australia have been the most heavily impacted. Attackers appear to be increasingly focusing on high-value targets and sectors where operational disruption can have significant consequences.
Shifts in attacker strategy
The shift in attacker focus over the past year is evident in the large increase in stolen data volumes. The data volume exfiltrated by ten major ransomware groups grew from 123 terabytes (TB) to 238TB, a 92% increase. Attackers have increasingly prioritised data theft and extortion over data encryption, with sensitive information being leaked online when victims refuse to pay ransoms. This change in tactic amplifies the impact of ransomware attacks, exposing organisations to reputational damage, regulatory action, and loss of customer trust, in addition to immediate operational disruptions.
Ransomware attacks are now seen as involving long-term risks that extend beyond the initial incident. The repercussions for organisations include ongoing challenges to their reputation and operations. Regulatory fines and the erosion of customer trust pose further challenges for businesses seeking to recover from these events.
Australian landscape
Australia experienced one of the largest year-over-year increases in ransomware incidents worldwide, with reported attacks rising from 73 to 153. These figures reflect how malicious actors are broadening their target list to include countries investing heavily in digital transformation and expanding critical infrastructure. The presence of healthcare vulnerabilities has also made Australian organisations more attractive to cybercriminals.
Within Australia, the manufacturing sector recorded 1,063 attacks, while the technology and healthcare sectors reported 922 and 672 attacks respectively. The report also noted an increase of more than 900% in attacks on the oil and gas sector globally, attributed to expanded attack surfaces resulting from automation and legacy security practices.
"The sharp rise in ransomware attacks in Australia reinforces a critical truth that no organisation is immune and no region is off-limits," said Heng Mok, CISO-in-Residence, Asia Pacific & Japan at Zscaler. "This escalation reflects not just a growing number of adversaries, but the increasing sophistication of their tactics, often powered by GenAI. Leveraging AI tools such as ChatGPT and other dark web variants means that threat actors, regardless of sophistication level, can create more efficient, scalable and automated attacks, democratising both the effort and costs of an attack. Now is the moment for businesses and government leaders across ANZ and APAC to reassess their cyber resilience and business-aligned cyber strategies. What's required is a fundamental shift in strategy towards a modern defensible architecture, one that embraces Zero Trust as the new foundation for security."
Ransomware groups and evolving methods
The report details the activity of major ransomware groups. RansomHub was identified as the most active group globally, claiming 833 publicly named victims. Others, including Akira – linked to 520 victims – and Clop, with 488 victims, have also increased their attack reach. These groups have made use of affiliates, initial access brokers, and supply chain vulnerabilities to broaden their campaigns. The Zscaler ThreatLabz team tracked 34 new ransomware families in the past year, bringing the total monitored to 425 since tracking began.
Zscaler reported that ransomware attacks thrive in environments where security measures are fragmented, visibility is limited, and legacy systems prevail. The company presents its Zero Trust Exchange model as a means to minimise attack surfaces, prevent initial compromise, eliminate lateral movement within networks, and block data exfiltration. The architecture incorporates AI-driven techniques including breach prediction, phishing detection, inline sandboxing, dynamic risk-based policy, data discovery and classification, and data loss prevention controls.
Geographical patterns
Leak site data showed that 50% of ransomware attack victims were based in the United States, followed by Canada and the United Kingdom. The US saw its number of attacks more than double to 3,671. Australia ranked as the eighth most impacted nation globally and second in the APAC region for ransomware attacks during the research period.
The research underpinning these findings was conducted by analysing data collected from April 2024 to April 2025. The ThreatLabz team examined information from the Zscaler global cloud as well as its own analyses of ransomware samples and attack data.
The report recommends that organisations adopt comprehensive Zero Trust strategies to defend against the evolving threat landscape. According to ThreatLabz, designing security architecture with zero implicit trust and incorporating AI-driven protections is essential for mitigating the risk of ransomware, particularly as tactics continue to evolve and target high-value global economies and critical infrastructure sectors.