Ransomware Attack? Here’s What Every Australian Business Must Do Within 72 Hours

April 7, 2025

The surge in ransomware attacks across Australia has made rapid and effective responses critical for businesses. A delayed or disorganised response can escalate the damage, increase downtime, and expose your business to legal and financial consequences.

Being prepared and knowing exactly what to do in the first hours after an incident is often the difference between a controlled recovery and a costly crisis.

According to the Australian Signals Directorate (ASD), ransomware incidents accounted for approximately 11% of all reported cybersecurity incidents in the 2023–2024 financial year. With the introduction of the Cyber Security Act 2024, businesses are now mandated to report any ransomware payments within 72 hours, emphasising the importance of prompt action.

Figure: Most common reported threats, from the Australian Signals Directorate's Annual Cyber Threat Report 2023–2024.

What do businesses in Australia need to do when dealing with a ransomware attack?

This guide outlines the essential steps to ensure compliance and mitigate potential damages to your business.

Step 1. Report the Incident Immediately

When a ransomware attack occurs, time is of the essence. Promptly reporting the incident ensures you receive immediate support and remain compliant with legal obligations.

If you've been hit by ransomware, your first step is to report it to the relevant authorities:

  • Call the Australian Signals Directorate Hotline: 1300 CYBER1 (1300 292 371) for direct assistance.
  • Report Online via ReportCyber: Submit the incident at cyber.gov.au using the official ReportCyber portal.
    You'll be required to provide:
    • A description of the incident, including how it occurred
    • When the incident was first detected
    • Systems or data affected
    • Any ransom demands or communications from attackers
    • Whether a ransom was paid or considered
  • Notify Other Relevant Bodies:
    • IDCARE for identity recovery assistance
    • Your bank if financial data is at risk
    • Scamwatch through the National Anti-Scam Centre

Use our Free Ransomware Reporting Template to help streamline your reporting process.

Step 2. Never Pay the Ransom

It may be tempting to pay and move on, but paying rarely resolves the incident. A ransom payment funds criminal operations and may expose your business to repeat attacks.

  • There are no guarantees: Paying doesn’t ensure your data will be restored or kept private.
  • Focus on recovery: Use clean, secure backups or consult cybersecurity experts to begin remediation.

Ransomware Guide from the Australian Signals Directorate

Step 3. Contain the Threat and Begin Recovery

The next priority is limiting the damage. Isolating affected systems and beginning a controlled recovery process can significantly reduce both downtime and data loss.

  • Isolate affected devices: Disconnect them from the network immediately.
  • Restore safely: Use clean backups only and ensure they are not also compromised.
  • Follow ACSC Guidelines: Refer to the Australian Cyber Security Centre's official incident response guidance for structured steps.

Step 4. Comply With the Cyber Security Act 2024

From 30 May 2025, ransomware reporting becomes mandatory under federal law. Understanding your obligations under the Act is critical to avoiding penalties and protecting your organisation’s reputation.

  • Who must report: Businesses with over $3 million in turnover, or that manage critical infrastructure
  • What must be reported: Any ransomware payment made, within 72 hours
  • Where to report: Submit via the Cyber Incident Reporting Portal
  • Penalties for non-compliance: These may include regulatory enforcement, fines, and loss of stakeholder trust.

Step 5. Document Everything for Compliance

Accurate and thorough records of the incident and your response actions are essential. This documentation may be required for legal audits, insurance claims, and demonstrating compliance with the Act.

  • Keep a detailed, timestamped log of actions taken, including reporting timelines, communications with the ACSC, and recovery processes.
  • Retain this documentation; it will be needed for audits, insurance claims, and meeting your legal obligations.
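As an added example (not part of the original article or any Superior IT tooling), the following Python sketch keeps the kind of timestamped action log Step 5 calls for and tracks the 72-hour payment-report window from Step 4. It assumes the window is measured from the recorded payment time and uses a fixed AEST offset; both are assumptions, and the event names and sample incident are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed example: the fixed AEST offset and the event names are assumptions, not from the article.
AEST = timezone(timedelta(hours=10))
PAYMENT_REPORT_WINDOW = timedelta(hours=72)  # the 72-hour window the article cites
def aest(y, m, d, h, mi=0): return datetime(y, m, d, h, mi, tzinfo=AEST)
@dataclass
class IncidentEvent:
    when: datetime   # timezone-aware, so the timeline is unambiguous in an audit
    kind: str        # e.g. "detected", "isolated", "reportcyber", "payment", "payment_report"
    detail: str
@dataclass
class IncidentLog:
    events: list = field(default_factory=list)

    def record(self, when: datetime, kind: str, detail: str) -> None:
        if when.tzinfo is None:
            raise ValueError("log timestamps must carry a timezone")
        self.events.append(IncidentEvent(when, kind, detail))
        self.events.sort(key=lambda e: e.when)   # stable sort keeps same-minute entries in input order
    def first(self, kind: str):
        return next((e for e in self.events if e.kind == kind), None)
    def payment_report_status(self, now: datetime) -> dict:
        """Status of the 72-hour obligation, assuming the clock starts at the recorded payment."""
        payment = self.first("payment")
        if payment is None:
            return {"payment_made": False}
        deadline = payment.when + PAYMENT_REPORT_WINDOW
        report = self.first("payment_report")
        if report is not None:
            return {"payment_made": True, "deadline": deadline, "reported": True,
                    "on_time": report.when <= deadline}
        hours_left = (deadline - now) / timedelta(hours=1)
        return {"payment_made": True, "deadline": deadline, "reported": False,
                "overdue": hours_left < 0, "hours_remaining": round(hours_left, 1)}
    def timeline(self) -> list:
        return [f"{e.when.isoformat()} [{e.kind}] {e.detail}" for e in self.events]

def build_sample_log() -> IncidentLog:
    """Constructed sample incident; every date and detail here is invented."""
    log = IncidentLog()
    log.record(aest(2025, 6, 2, 7, 30), "detected", "File server encrypted; ransom note found")
    log.record(aest(2025, 6, 2, 7, 45), "isolated", "Affected server and workstations removed from the network")
    log.record(aest(2025, 6, 2, 9), "reportcyber", "Incident lodged via ReportCyber")
    log.record(aest(2025, 6, 2, 9, 30), "payment", "Hypothetical payment, included to exercise the deadline logic")
    log.record(aest(2025, 6, 4, 15), "payment_report", "Payment reported via Cyber Incident Reporting Portal")
    return log
```

Calling `build_sample_log().payment_report_status(now)` shows the payment reported inside the window; a log with a payment but no report entry returns the hours remaining, or flags it overdue.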

Step 6. Harden Your Defences Post-Attack

After recovery, focus on strengthening your cybersecurity posture. This includes reviewing policies, implementing better tools, and preparing your team to prevent future incidents.

  • Review and audit your security policies and incident response procedures
  • Implement MFA, keep all software patched, and segment sensitive data
  • Educate your team with simulated phishing exercises and security training
  • Adopt proactive cybersecurity tools like DefenderSuite for real-time threat detection, endpoint protection, and compliance tracking

Key Resources for Businesses Dealing with Ransomware Attacks and Demands

Need Help With Compliance?

At Superior IT, we specialise in helping Australian businesses strengthen their cybersecurity defences and meet their obligations under the Cyber Security Act 2024. From ransomware response planning to regulatory reporting, we support you in staying compliant, protecting your operations, and communicating effectively with relevant authorities.

Call Us: 1300 93 77 49

Email: info@superiorit.com.au

Explore DefenderSuite: https://www.superiorit.com.au/defendersuite-au

Sources:

Australian Signals Directorate (ASD). Annual Cyber Threat Report 2023–2024.

Australian Government Department of Home Affairs. Cyber Security Act 2024.

Federal Register of Legislation. Cyber Security Rules 2025 (F2025L00278). Australian Government.
