Exclusive: A groundbreaking initiative requiring companies to disclose whether they have succumbed to cyber extortion has exposed a concerning reality: a significant number of Australian firms are paying ransoms to international criminals.
Home Affairs Minister Tony Burke has pointed out that Russian crime syndicates present an increasing threat in the realm of cyber ransom, joining the ranks of scammers from China, Iran, and North Korea.
Since May 30, businesses in Australia with annual revenues exceeding $3 million are legally obligated to report any ransom payments to the federal government, in an effort to gauge the prevalence of such transactions.
Cameron Whittfield, a Melbourne-based lawyer specializing in cyber security at HSF Kramer, noted that only a small fraction of companies targeted by ransom attacks actually fulfill the demands.
He estimates this figure to be under one-third.
“Those who choose to pay are likely driven by operational or asset integrity concerns rather than issues related to data, as the information is typically compromised by the time the extortion demand is made,” Whittfield explained.
“And so what you’re paying for is something which is relatively intangible, which is basically a commitment from a threat actor to not disclose or delete that data.
“Now that can occur whether or not you’re critical infrastructure or a hospital or electricity distribution or something similar, or it could be just an everyday business, a small, medium business, which just relies on continuity.”
9News has been told that ransoms targeting bigger companies typically range from hundreds of thousands to millions of dollars.
McGuinness said paying ransoms “just feeds this cycle of criminality”.
“We’re dealing with criminals, so we can’t trust that they’re going to be honest,” she said.
“We know they have data. They may give back a copy, but we’ve also seen criminals and other criminals then exploit further the data.
“Those who pay a ransom really illuminate themselves as a target, as being a payer, and so many of them are retargeted and have to pay again.”
Burke said: “A lot of the reports we’ve had have been from Russian gangs, but no matter what country it’s from, they’ve all got one thing in common: they’re criminals, they’re not trustworthy, and they’re not going to act in people’s interests.”