The Christmas season offers cybercriminals an irresistible opportunity to strike. With skeleton IT crews, distracted staff, and change freezes in effect, organisations become attractive targets for ransomware operators. Ransomware is one of the most disruptive cyber threats facing Australian businesses, encrypting vital systems and stealing data to extort payment. During the holiday period, these attacks can paralyse operations, impact customer confidence, and trigger mandatory data breach notifications. Executives should consider ransomware readiness a top priority before the Christmas break.
Ransomware attacks typically begin with a phishing email, compromised credentials, or exploitation of unpatched systems. Once inside, attackers escalate privileges, move laterally, and deploy encryption across critical servers. Modern ransomware groups also exfiltrate sensitive data before encryption, doubling their leverage by threatening to release the information publicly if ransoms are unpaid.
Over holiday periods, attackers exploit slower response times to entrench themselves. They may disable backups, tamper with logging, and time the encryption event for maximum business disruption, often Christmas Eve or New Year’s Day. Ransomware-as-a-Service (RaaS) models make it easy for even low-skilled criminals to deploy sophisticated strains.
According to the Annual Cyber Threat Report 2024-2025, 11% of all incidents responded to included ransomware, consistent with last year. Ransomware continues to be the most disruptive cybercrime threat in FY2024–25. In FY2024–25, ASD’s ACSC responded to 138 ransomware incidents, 39% of which were the result of ASD’s ACSC contacting the entity to warn of a possible cyber security incident. Australia has seen multiple high-profile ransomware incidents, notably the 2022 Medibank and Optus breaches, which involved data theft and extortion tactics. While these were not confined to Christmas, similar timing tactics were observed in smaller Australian firms.
Akira Ransomware Group were notably the most active threat group through January of this year. Responsible for attacking an Australian company specialising in operational technology (OT) and industrial control systems (ICS). The group claimed to have stolen 10GB of corporate data, including sensitive employee documents such as passports, driver’s licenses, medical records, birth and death certificates, alongside contracts, financial records, and project files.
The Essential Eight framework provides a structured defence against ransomware by addressing its attack chain at multiple stages:
By achieving at least Maturity Level Two across these controls, organisations drastically reduce their vulnerability to ransomware infection and data theft.
By embracing the Essential Eight as the organisation’s cyber tinsel (layering strong controls across systems) executives can ensure business continuity shines brightly even if attackers come knocking during the festive break.
