As a vital component of Australia’s economy, the retail sector is increasingly confronted with a daunting challenge: ransomware attacks. The Zscaler ThreatLabz 2024 Ransomware Report highlights a significant uptick in these cyber threats, which not only pose serious financial risks but also affect operations, customer trust, and brand reputation. In a rapidly changing digital environment, understanding the implications of these attacks is essential for retailers looking to safeguard their businesses and customers.

According to the ASD Cyber Threat Report, cyber incidents in Australia now occur every six minutes, with ransomware attacks increasing nearly five-fold since the pandemic. The country has already been hit by several high-profile ransomware incidents, compromising the sensitive data of millions of Australians. If Australia is to achieve its goal of becoming the most cyber-secure nation by 2030, there is still much work to be done, and preparation for emerging threats is essential.

Rising trends in ransomware attacks

The Zscaler ThreatLabz Ransomware report indicates a concerning 18% year-over-year increase in ransomware incidents, with the number of victim companies listed on data leak sites soaring by 57.81% compared to the previous year. The retail and wholesale sectors rank sixth among the most targeted industries globally, with 156 attacks reported.

Additionally, the ThreatLabz team identified more than 5% year-over-year rise in attacks in Australia, making it the 7th most targeted country globally and the top target in the Asia Pacific & Japan region. In 2023, Australia recorded 69 ransomware attacks, which rose to 73 in 2024, marking a 5.80% increase.

For the retail industry specifically, ransomware attacks can lead to major disruptions, including system downtime, data loss, financial damage, and long-lasting harm to customer trust and brand reputation. As retailers become increasingly reliant on digital infrastructure, the impact of these attacks is growing more severe, highlighting the need for enhanced cybersecurity measures.

Notably, the report cites a record ransom payment of US$75 million to the Dark Angels ransomware group, nearly double the highest previously documented ransom. A payment like this is worrying as the success of one ransomware family can encourage other groups to adopt similar tactics, emphasising the critical need for organisations to bolster their cybersecurity measures.

Ransomware attacks are not only increasing in frequency but also in scale. The record ransom to Dark Angels serves as a reminder of the growing threat, and we anticipate that this success will motivate other cybercriminals to pursue similar high-stake tactics. As such, it is critical for organisations to prioritise protection against such financially devastating attacks.

Globally, the most targeted countries for ransomware attacks include the United States (49.95%), followed by the United Kingdom (5.92%), Germany (4.09%), Canada (3.51%), France (3.26%), Italy (3.24%), and Australia (2.00%).

Importance of monitoring ransomware families

Staying informed about the most active ransomware families in ANZ is vital for maintaining a robust security posture for retailers. The report identifies several prominent groups, including LockBit (22%), 8Base (18.52%) and BlackCat (also known as ALPHV) (13.58%).  Blackcat, in particular, has been responsible for 56 attacks in Australia, targeting both corporate and government sectors, where it has stolen sensitive data and encrypted networks before demanding a ransom. 

In the ANZ region, ransomware attacks are hitting industries hard, with Transportation Services (13.79%) and Manufacturing (12.07%) particularly affected. Looking ahead to 2024-2025, key ransomware families to watch include Dark Angels, LockBit, BlackCat, Akira, and Black Basta. Retailers also are exposed to several unique and interrelated threats. Some of the ways how ransomware attacks can affect retailers are:

  • Supply chain disruptions: Ransomware attacks can significantly disrupt supply chains, impacting everything from inventory management to logistics. Retailers may struggle to fulfill orders, leading to stock shortages and increased customer dissatisfaction. Such disruptions can create a ripple effect, harming relationships with suppliers and partners that have been built over time.
  • Reputation at risk: In today’s digital landscape, a retailer’s reputation is paramount. A successful ransomware attack can severely damage a brand’s image, leading to a loss of customer trust and loyalty. As consumers become increasingly aware of data security issues, any breach can have lasting effects on a retailer’s standing in the market.

Investing in cybersecurity

To combat ransomware, retailers must invest in strong security, improve employee training, and foster a culture of vigilance. Proactively addressing these threats is crucial for long-term success and customer trust.

The Australian government also recently introduced the Cyber Security Legislation Package, which will implement seven initiatives under the 2023-2030 Australian Cyber Security Strategy, addressing the legislative gaps and aligning Australia with international best practices to position the country as a global cybersecurity leader. In response, Zscaler also offers solutions that mitigate ransomware risks at every stage using a zero trust security framework:

  • Effectively minimise the attack surface by hiding users, applications and devices behind a cloud proxy, where they are not visible or discoverable from the internet. 
  • Provide extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing and policy-driven access controls via the Zscaler Zero Trust Exchange to prevent user access to malicious websites as well as detect unknown threats before they reach your network.  
  • Facilitate direct connections between users and applications, Zscaler reduces the risk of lateral movements, thereby minimising the potential for widespread infection.
  • Incorporate inline data loss prevention measures, along with full TLS/SSL inspection, effectively guarding against data theft, ensuring data security both in transit and at rest.

As ransomware attacks continue to grow in complexity and frequency, Australia’s retail sector must remain vigilant. The insights from the Zscaler ThreatLabz report underscore the urgent necessity for enhanced cybersecurity measures to combat these escalating threats. With stakes higher than ever, organisations must prioritise robust security strategies to protect their operations and their customers.

Eric Swift is vice president & managing director for Australia & New Zealand at Zscaler.