Australia’s strong economy and high per-capita wealth have made it a prime target for ransomware groups, with the country facing a disproportionate number of attacks compared to many other nations.
In 2025 alone, Australian organizations have been hit by 71 ransomware incidents, far exceeding the nine attacks recorded in neighboring New Zealand. Despite the difference in volume, both countries have seen ransomware activity this year, including attacks with notable supply chain implications.
Globally, ransomware attacks tend to be more frequent in regions like the U.S., Canada, and Europe. However, when adjusted for population size, Australia’s ransomware threat is particularly acute.
For example, Italy has been hit by 118 ransomware incidents so far in 2025, the fifth highest worldwide, yet Italy’s population is more than twice that of Australia. With Australia ranked 13th globally in GDP but only 55th in population, its economic prosperity has positioned it as an especially lucrative target for ransomware groups seeking financial gain.
Unlike many regions where a single ransomware group dominates, the ransomware landscape in Australia and New Zealand is more fragmented. The groups Qilin, Akira, and INC have each claimed responsibility for eight attacks in the region this year, with Lynx and Dragonforce also actively involved.
The most frequently targeted sectors in Australia and New Zealand are professional services and healthcare. However, at least eight other industries have experienced three or more ransomware incidents in 2025.
Major Ransomware Attacks in Australia and New Zealand in 2025
Several notable ransomware incidents have made headlines across Australia and New Zealand this year, involving various industries and extensive data breaches:
- Akira Ransomware Group: Responsible for attacking an Australian company specializing in operational technology (OT) and industrial control systems (ICS). The group claimed to have stolen 10GB of corporate data, including sensitive employee documents such as passports, driver’s licenses, medical records, birth and death certificates, alongside contracts, financial records, and project files.
- Australian Political Party Breach: In June 2025, a ransomware attack compromised an Australian political party’s servers. The attackers accessed email correspondence, documents, phone numbers, identity records, banking details, and employment history.
- Dragonforce Group: Leaked over 100GB of data from an Australian engineering firm. The stolen information included site reports, customer data, detailed technical equipment drawings, and employee medical records.
- Arcus Media: Claimed an attack on an Australian IT company that develops flight simulation and aviation training software. While no data samples were released, the incident raised concerns over aviation-related cybersecurity.
- VanHelsing Ransomware: Targeted an Australian medical technology company focusing on sleep diagnostics and neurological monitoring. The group shared evidence, including passport scans of U.S.-based staff, credit applications, product and testing data, and employee information.
- RansomHub Group: Claimed a breach of an Australian pharmaceutical firm engaged in healthcare product manufacturing and distribution, alleging theft of 40GB of sensitive data.
- Akira: The group also claimed to have breached an Australian process engineering company, stealing 26GB of data, including employee and customer contact details, internal communications, and financial documents.
- Qilin Group: Targeted an Australian steel industry company, reportedly stealing 11GB of data covering over 23,000 files, including financial documents and internal correspondence.
- Play Ransomware Group: Attacked a New Zealand-based SaaS company specializing in billing solutions. Though the volume of stolen data was not disclosed, it reportedly included confidential client information, budgets, payroll, tax records, and identification documents.
- Chaos Ransomware: Leaked nearly 3GB of data from an international instrumentation company with significant operations in New Zealand. The compromised files included technical manufacturing details such as PCB corrections, SMT programming, and RoHS compliance information.
The Unique Threat Environment in Australia and New Zealand
Australia and New Zealand face a distinct ransomware threat, with Australia experiencing numerous attacks across various sectors and multiple active ransomware groups. New Zealand’s interconnectedness through global supply chains also exposes it to cybersecurity risk.
To effectively counter these cyber threats, organizations must adopt strong cybersecurity measures such as zero trust models, asset segmentation, and continuous monitoring. Platforms like Cyble’s AI-native cybersecurity solutions provide real-time threat intelligence, proactive attack surface management, and autonomous incident response.