Australian Authorities Uncover Operations and Careers of Ransomware Groups

A comprehensive three-year study conducted across Australia, Canada, New Zealand, and the United Kingdom has revealed disturbing trends in ransomware operations, with Australian organisations experiencing 135 documented attacks between 2020 and 2022.

The research, which analysed 865 total ransomware incidents across the four nations, exposes the sophisticated evolution of cybercriminal enterprises and their targeted assault on critical infrastructure.

The study identifies a dramatic shift in the ransomware landscape, with groups increasingly adopting ransomware-as-a-service (RaaS) models that distinguish core operators from commissioned affiliates.

Under this business structure, core groups develop malware and manage victim payments while affiliates handle system compromises and ransom negotiations. This market-based relationship has proven highly adaptable, with affiliates frequently switching between groups based on profit-sharing incentives.

Conti and LockBit Dominate Attack Landscape

Conti emerged as the most prolific ransomware organisation, orchestrating 141 attacks across the study period, while the combined LockBit variants accounted for 129 incidents.

The research reveals that only three groups maintained operations throughout the entire three-year period, with the median operational lifespan for ransomware organisations standing at just 1.36 years. However, larger groups demonstrated greater longevity, with a median of 1.76 active years.

The data shows significant year-over-year fluctuations in attack patterns. In 2020, NetWalker led with 35 attacks before law enforcement interventions dramatically reduced its operations.

By 2021, Conti peaked with 88 attacks, while 2022 saw the emergence of LockBit 3.0 as the dominant threat, responsible for 36 attacks in that year alone.

Industrial Sector Bears Primary Impact

Australian organisations in the industrial sector faced the heaviest targeting, experiencing the highest number of attacks in each year of the study.

The research employed OpenAI’s GPT-3.5-turbo model to classify victim organisations across 13 industry sectors, achieving 89 percent accuracy in sector assignment. Beyond industrial targets, consumer goods, technology, and healthcare sectors emerged as frequent victims.

The study’s methodology combined data from cybersecurity firm Recorded Future with open-source intelligence to create a comprehensive attack database.

Researchers implemented strict ethical protocols, obtaining approval from the Deakin University Human Research Ethics Committee, while ensuring that victim organisations remained de-identified throughout the analysis.

These findings underscore the urgent need for enhanced cybersecurity measures across Australian critical infrastructure, as ransomware groups continue to evolve their tactics and expand their operational capabilities through increasingly sophisticated service-based criminal enterprises.


Priya
Priya is a Security Reporter who tracks malware campaigns, exploit kits, and ransomware operations. Her reporting highlights technical indicators and attack patterns that matter to defenders.