Ransomware is no longer a threat that only hits large corporations or government agencies. In 2026, Perth small and medium businesses are squarely in the crosshairs. The Australian Cyber Security Centre (ACSC) reported over 94,000 cyber crime incidents in the 20242025 financial year, and ransomware alone accounted for hundreds of millions of dollars in losses across Australian businesses.
For Perth businesses, the risk is compounded by our city's growing status as a hub for professional services, mining and resources, healthcare, and logistics industries that ransomware gangs specifically target because they handle time-sensitive, high-value data. A single ransomware infection can lock you out of your files, cripple your email, and bring your operations to a standstill for days or weeks.
This guide covers exactly what ransomware is, how Perth businesses get infected, the real costs involved, and most importantly the practical steps you can take today to protect your business and respond effectively if the worst happens.
β οΈ Key Fact
According to the ACSC, the average cost of a cyber crime incident for an Australian small business is $71,600. For medium businesses, that figure jumps to over $100,000. Ransomware attacks typically cost 23 times more than other cyber incidents due to downtime, recovery, and ransom payments.
What Is Ransomware?
Ransomware is a type of malicious software that encrypts your files and systems, then demands a payment (usually in cryptocurrency) to restore access. Modern ransomware is highly sophisticated it doesn't just encrypt files on a single computer. It moves laterally across your network, encrypts server data, targets backup files, and even exfiltrates sensitive data before triggering the encryption. This "double extortion" tactic means attackers can threaten to publish your data even if you have backups.
Some of the most active ransomware variants targeting Australian businesses in 20252026 include LockBit, BlackCat (ALPHV), Akira, and Royal. These aren't amateur operations they're organised criminal enterprises with dedicated support desks, public leak sites, and sophisticated affiliate programs.
How Ransomware Gets Into Perth Businesses
Understanding the common entry points is the first step to defending against them. Here are the five most common ways ransomware finds its way into Perth SMEs:
- Phishing emails The #1 vector. An employee receives an email that looks legitimate, clicks a link or opens an attachment, and the ransomware drops onto the network. Over 90% of ransomware attacks start this way.
- Remote Desktop Protocol (RDP) attacks If you have remote desktop access exposed to the internet without strong authentication or a VPN, attackers can brute-force their way in. This is especially common in Perth businesses that set up remote access during COVID and never hardened it.
- Software vulnerabilities Unpatched software is an open door. Attackers scan for known vulnerabilities in VPN appliances, web servers, and business applications. The ACSC's Essential 8 mandates patching within 48 hours for critical flaws.
- Compromised third-party vendors Attackers breach a smaller, less secure vendor and use that access to jump into their larger clients' networks. If your accounting firm, lawyer, or IT provider gets compromised, you could be next.
- Malicious downloads Staff downloading unauthorised software, browser extensions, or files from untrusted sources can inadvertently install ransomware.
The Real Cost of Ransomware for Perth SMEs
When most business owners think of ransomware costs, they think of the ransom demand itself. But the ransom is often the smallest part of the total bill. Here's what a ransomware attack really costs a Perth business:
- Ransom payment Typically $5,000$50,000 for SMEs, but paying does not guarantee you'll get your data back. Many businesses who pay never recover all their files.
- Downtime and lost revenue Average downtime is 21 days. For a Perth professional services firm billing $20,000 per week, that's $60,000 in lost revenue.
- Recovery costs IT forensics, system rebuilds, data restoration, and security remediation. Expect $10,000$40,000 depending on complexity.
- Client notification and reputational damage Under the OAIC Notifiable Data Breaches scheme, you must notify affected clients if personal information is compromised. This can lead to client churn and lost contracts.
- Cyber insurance premium increases After a claim, expect your premiums to double or triple if you can get coverage at all.
π° Average Ransomware Attack Cost for Perth SMEs
| Cost Category | Small Business (<20 staff) | Medium Business (20100 staff) |
|---|---|---|
| Ransom demand | $5K$15K | $20K$50K |
| Downtime & lost revenue | $15K$40K | $40K$120K |
| Recovery & forensics | $10K$20K | $20K$40K |
| Client notification & legal | $3K$10K | $10K$30K |
| Total estimated cost | $33K$85K | $90K$240K |
7 Essential Steps to Prevent Ransomware
1. Implement Multi-Factor Authentication Everywhere
MFA is the single most effective control you can deploy. It stops 99.9% of automated attacks, including credential-stuffing and phishing-based credential theft. Every Microsoft 365 account, every business application, every VPN, every admin portal if it supports MFA, turn it on. The ACSC lists MFA as a core Essential 8 mitigation strategy, and for good reason.
2. Deploy Endpoint Detection and Response (EDR)
Traditional antivirus is not enough. EDR solutions like SentinelOne, CrowdStrike, or Microsoft Defender for Business use behavioural analysis to detect and stop ransomware in real-time. When a suspicious process tries to encrypt files, EDR can automatically isolate the machine from the network, blocking the attack before it spreads. This is a non-negotiable control for any Perth business with more than five computers.
3. Harden Your Email Security
Since email is the primary delivery mechanism for ransomware, your email security needs to be robust. Microsoft 365's built-in protections are a good baseline, but dedicated email security gateways offer significantly better protection against sophisticated phishing, business email compromise (BEC), and malicious attachments. Also configure DMARC, DKIM, and SPF records for your domain to prevent email spoofing and domain impersonation.
4. Maintain Air-Gapped or Immutable Backups
Modern ransomware targets backups. If your backup solution writes to a network drive that's always connected, the ransomware will encrypt it too. You need immutable or air-gapped backups copies that ransomware cannot modify or delete. The 3-2-1 rule still applies: three copies, two media types, one off-site. But for ransomware specifically, ensure your backup solution includes an immutable cloud copy or air-gapped offline backup. Test your restores quarterly. We covered this in more detail in our cyber security checklist for Perth SMEs.
5. Restrict Administrative Privileges
Most Perth SMEs give every employee local admin rights on their computer. This is a gift to attackers. If one user clicks a malicious link, the ransomware inherits that user's privileges. If they have admin rights, the ransomware can install drivers, disable security tools, and spread across the network. Implement the principle of least privilege: standard users get standard access, and separate admin accounts are used only when needed.
6. Maintain Rigorous Patch Management
Unpatched software is the entry point for many ransomware variants. The ACSC's Essential 8 framework mandates patching operating systems and applications within 48 hours for critical vulnerabilities and within two weeks for high-severity ones. Automated patch management through a Remote Monitoring and Management (RMM) tool ensures patches are deployed consistently and compliance is reported. Manual patching is unreliable automate it.
7. Train Your Staff to Spot Phishing
Your staff are either your strongest defence or your weakest link. Regular security awareness training with simulated phishing tests reduces successful phishing clicks from ~30% down to under 5%. Platforms like KnowBe4, Mimecast, and Microsoft Defender for Office 365 make this easy to automate. Training should be ongoing, not a one-off session at onboarding. Every quarter, run a simulated phishing campaign and review the results.
What to Do If You're Hit by Ransomware
Despite your best prevention efforts, attacks can still succeed. Having a clear, rehearsed incident response plan is critical. Here's what to do immediately if you suspect a ransomware infection:
- Isolate affected systems immediately Disconnect the infected computer(s) from the network. Do not shut them down (this can destroy forensic evidence), but pull the network cable or disable Wi-Fi. If the infection is widespread, consider taking the entire network offline.
- Do NOT pay the ransom The ACSC, Australian Federal Police, and international law enforcement all strongly advise against paying ransoms. Paying funds criminal enterprises, and there is no guarantee you'll get your data back. Many businesses who pay receive only partial data recovery.
- Preserve evidence Take screenshots of ransom notes, preserve log files, and document everything you know about the infection timeline. This information is critical for forensic investigators and law enforcement.
- Notify your IT provider and insurance If you have a managed IT provider (like Stride IT), call them immediately. Also notify your cyber insurance broker if you have coverage. They will guide you through the claims process and may have preferred forensic vendors.
- Report to the ACSC Report the incident through ReportCyber. The ACSC uses this data to track threat trends and may provide guidance.
- Initiate your incident response plan Who communicates with staff? Who notifies clients? What systems are restored first? If you don't have an incident response plan yet, read our incident response guide and create one this week.
Cyber Insurance and Ransomware
Cyber insurance is an important part of your risk management strategy, but it is not a replacement for strong security controls. Insurers are increasingly requiring minimum security standards before offering coverage. Common prerequisites include:
- Multi-factor authentication on all email and remote access systems
- EDR or next-generation antivirus on all endpoints
- Regularly tested, immutable backups
- Patch management program aligned with Essential 8 timelines
- Staff security awareness training program
- Incident response plan documented and tested
Many Perth businesses are surprised to discover that their existing policy excludes ransomware coverage or has sub-limits that don't reflect the true cost of an attack. Have your broker review your policy specifically for ransomware coverage.
Why Perth Businesses Need a Proactive Security Partner
Implementing all of these controls internally is possible, but it requires dedicated expertise, time, and consistent attention. Most Perth SMEs don't have an in-house IT security specialist. That's where a managed IT and cyber security provider adds the most value. An MSP like Stride IT can:
- Deploy and manage EDR across all your endpoints
- Configure and monitor your email security gateway
- Implement automated patch management with compliance reporting
- Set up immutable backup solutions with quarterly restore testing
- Conduct security awareness training with simulated phishing
- Provide a 24/7 security operations capability to detect and respond to threats
Our cyber security services are designed specifically for Perth SMEs. We build defences around the ACSC Essential 8 framework and tailor them to your industry, your risk profile, and your budget. From professional services firms in the CBD to trades businesses in Osborne Park, we help Perth businesses sleep better at night knowing their data is protected.
Not sure if your business is ransomware-ready?
Our free IT health check assesses your current security posture, identifies gaps, and gives you a clear action plan. No obligation, no sales pitch.
Take the Free Health CheckKey Takeaways
- Ransomware is the most financially destructive cyber threat facing Perth SMEs, with average total costs of $33K$240K depending on business size
- The most common entry points are phishing emails, exposed RDP, unpatched software, and compromised third-party vendors
- Seven essential controls prevent the vast majority of attacks: MFA, EDR, email security, immutable backups, least-privilege access, automated patching, and staff training
- If attacked: isolate immediately, do NOT pay the ransom, preserve evidence, and notify your IT provider and insurer
- Cyber insurance is important but requires demonstrated security controls it's not a substitute for prevention
- Partnering with a Perth-based MSP reduces the burden of implementing and maintaining these controls internally
π Related Reading
- Cyber Security Checklist for Perth SMEs: 9 Steps to Protect Your Business Complementary checklist covering all major security controls
- Incident Response: Your Business Owns the Plan How to build and test an incident response plan for your Perth business
- π Stride IT Cyber Security Services ACSC Essential 8-aligned cyber security for Perth SMEs
- π Backup & Disaster Recovery Services Immutable backup solutions with tested restores
Stride IT is a Perth-based managed IT and cyber security provider helping local businesses protect against ransomware and other cyber threats. Our cyber security services are aligned with the ACSC Essential 8 and tailored to the specific needs of Perth SMEs. Get in touch for a no-obligation discussion about your security posture.