Sydney, Australia – 11 August, 2025 – Semperis, a provider of AI-powered identity security and cyber resilience, today published results from its global ransomware study, including specific findings for Australia and New Zealand. The study, which surveyed nearly 1,500 organisations in a variety of industries, aims to understand their experience with ransomware over the last 12 months.
The report reveals that ransomware remains a pervasive and increasingly aggressive threat, with local organisations among the hardest hit globally. It found that in 1 out of 3 attacks targeting ANZ organisations, the victim was hit more than once in the past 12 months, a rate significantly higher than the global average. Meanwhile, 38% of global organisations paid multiple ransoms, and 11% paid three times or more.
The study shows hackers are relentless and ransomware is still a global epidemic. In fact, in 40% of attacks, threat actors threatened to physically harm executives at organisations that declined to pay a ransom demand, and Australia is not immune to this rise in intimidation tactics.
ANZ-Specific Findings:
- 99% of ANZ organisations operate a Security Operations Centre (SOC), yet 89% admit their SOC is not fully staffed on weekends and holidays.
- More than half of the attacks (52%) were deliberately launched on weekends or public holidays, when IT teams were likely understaffed, highlighting the tactical nature of these incursions and the importance of 24/7 cyber vigilance.
- 80% of ANZ organisations experienced ransomware attacks following business disruptions such as layoffs or mergers (compared to 60% globally).
Alarmingly, 43% of ransomware victims in Australia were threatened with physical harm to company executives if ransom demands were not met, highlighting the growing psychological warfare element of modern cybercrime. This is only slightly below the figures for the US (46%) and Germany (44%).
The 2025 Ransomware Risk Report: Essential Guidance for Building Operational Resilience Against Cyberattacks found that 47% of attacked companies in the US, UK, France, Germany, Spain, Italy, Singapore, Canada, Australia and New Zealand reported that hackers threatened to file regulatory complaints against them if they didn’t report the incident. In the US, the rate jumped to 58%, a 23% increase, while in Singapore the extortion threat surged to 66%, a jump of 40% and the highest of any country.
In comparing results from last year’s ransomware study, Semperis found slight decreases year over year in companies paying ransoms. Still, 69% of companies that were victimized by ransomware paid a ransom. Unfortunately, 38% of companies paid multiple ransoms and 11% of companies paid three times or more. In the US, 47% of companies paid ransoms multiple times, while in Singapore 50% of companies paid multiple times.
“Ransomware is a scourge on the global economy. A tool of abhorrent criminal gangs that is leveraged to create existential crises for organisations big and small. In our collective fight against it, knowledge is power. That is why last year the Australian Government legislated a reporting requirement for businesses who make payments in response to ransomware attacks. The more we know about this criminal business model, the more informed choices we can make, to make our economies more resilient to the threat and dismantle groups who attempt to use it to prey on our institutions,” said the Honourable Tony Burke MP, Minister for Home Affairs, Minister for Cyber Security, Australia.
“Active Directory is obviously a key vector for attack. If you have been breached, the ability to restore the integrity of your Active Directory, very quickly, is paramount,” said Malcolm Turnbull, former Australian Prime Minister and Semperis Strategic Advisor.
The Ransomware Scourge
Ransomware attacks in Australia continue to be highly coordinated, strategically timed and deeply embedded throughout systems before they are executed. These strikes are not isolated incidents: 57% of Australian victims paid a ransom multiple times in the past 12 months, and 12% paid three or more times. The findings indicate that ransomware attacks are frequent, with 44% of Australian organisations citing cybersecurity threats as the top threat to business resilience.
The major challenge identified by organisations facing cybersecurity threats was the sophistication of attacks (37%), followed by legacy vulnerabilities or technical debt (31%). Nearly 20% of companies that paid a ransom received corrupt decryption keys that were unusable, and in a small number of cases the hackers released the keys but still published stolen data.
“Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” said Mickey Bresman, CEO of Semperis.
What can organisations do to build on successes and increase their resilience against ransomware?
First, organisations should evaluate the security of partners and supply chain vendors as they could be the weakest link. When partners and vendors have access to sensitive systems and data, risk increases. Organisations should also be prepared for changing tactics in ransomware development and deployment and plan regular tabletop exercises to improve ransomware response.
The full ransomware study can be obtained here: Essential Guidance for Building Operational Resilience Against Cyberattacks.
Semperis is dedicated to helping global organisations defend against cyberattacks on their hybrid identity systems, including Active Directory and Entra ID.
About Semperis
Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ AI-powered technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.
As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world’s biggest brands and government agencies, with customers in more than 40 countries.