The next evolution of ransomware: why cyber criminals are more dangerous than ever before

Cybercriminals are leveraging AI to create more sophisticated ransomware attacks, overwhelming security teams and exploiting vulnerabilities in Australian businesses. With recovery costs rising and even defunct companies being targeted, Sophos field CTO Aaron Bugal explains how businesses can protect themselves.

Ransomware is here to stay, Aaron Bugal told Cyber Daily editor Liam Garman on a recent podcast - as AI makes it easier for cyber criminals to find and exploit vulnerabilities.

Liam Garman, editor of Cyber Daily: Let’s dive straight in. You've got Sophos X-Ops, which is your research team analysing the big trends in cyber security. What are you seeing in the world of cyber security?

Aaron Bugal, Field CTO at Sophos: Ransomware remains a major issue in early 2025. While some old ransomware groups have disappeared—either shutting down voluntarily or due to law enforcement action—new splinter cells are emerging to exploit fresh opportunities. Reports highlight too many Australian organisations being breached, with initial access often sold before ransomware is deployed. Even defunct companies aren't spared. The impact is severe, affecting business owners and everyday people—our families, friends, and neighbours.

Another growing tactic is overwhelming security teams with digital noise to mask attacks. These trends show ransomware is evolving, not fading.

Liam: Why is it surprising that ransomware is still here?

Aaron: Ransomware today mirrors old-school extortion—just in a digital form. While I hope for a "magic bullet" to eliminate it, the reality is we rely on cybersecurity solutions like Sophos CryptoGuard to detect, stop, and even reverse ransomware attacks. But this is a last line of defence. The real focus should be on prevention—blocking access before criminals reach sensitive data. Simple measures like multi-factor authentication, patching systems, and enforcing strong access controls make hacking harder. Cybercriminals, often using AI to refine attacks, seek the easiest targets. Strengthening basic cybersecurity hygiene is the best way to stay ahead.

Liam: This makes sense. You have to lock your doors. Once an intruder is in - it’s already too late. Can you give us a case study of where AI has been used by both threat actors and defenders in the cyber security environment?

Aaron: Detecting AI-generated content isn’t straightforward, but we see AI-powered tools helping schools catch plagiarism. In cybersecurity, generative AI has democratised phishing, enabling low-skilled criminals to craft convincing lures in multiple languages within seconds. AI even guides them on engaging victims until payload delivery. Emerging AI models, like DeepSeek, face the same security challenges OpenAI did, with weaker protections allowing malicious use. The real concern is that AI empowers more attackers, accelerating both the volume and sophistication of cyber threats. As AI advances, organisations must stay vigilant against this growing wave of cybercrime.

Liam: So does Sophos use AI?

Aaron: AI-driven security isn’t new—we've used machine learning for malware detection for years. At Sophos, we apply AI where it’s most effective, like decoding obfuscated command lines used by cybercriminals. More importantly, AI helps businesses with limited security expertise by providing clear, contextual alerts. Many Australian organisations rely on non-specialists for cybersecurity, making AI-driven guidance essential. Our AI helps users—from IT staff to executives—understand threats, assess impact, and take action to prevent future attacks. The real value of AI is proactive defence—identifying risks before they escalate, protecting businesses from reputational, financial, and operational damage.

Liam: Do you expect that we'll see costs of cyber breaches continue to increase over 2025? And for businesses that might be concerned over it, what can they be doing now to better protect themselves?

Aaron: While attacks are decreasing, that’s no victory—Australian organisations are still being hit frequently. Cybercriminals, now on the back foot, are launching more aggressive attacks, aiming to cripple systems and force ransom payments. Recovery costs are rising due to attack complexity and businesses' growing reliance on specialised cloud systems. Without in-house expertise, companies must pay for costly external support. Cyber insurance helps, but insurers may deny claims if basic security measures—like patching—weren't followed. The increasing complexity of both cyber threats and IT environments means businesses must invest more in prevention, or risk devastating financial and operational consequences.

Liam: At Sophos, you also recently had an acquisition of SecureWorks. How are you providing and improving your threat intelligence to keep businesses safe?

Aaron: The SecureWorks acquisition enables us to scale as one of the world’s largest managed detection and response providers. Cybersecurity is incredibly difficult—IT teams already juggle daily operations, and adding advanced threats to the mix is overwhelming. Many businesses lack deep security expertise, and that’s where we step in. Our service alleviates the burden, managing complex threats so organisations can focus on growth. We integrate with existing security tools, cutting through the noise to provide clear, actionable insights. Cyber defense is tough, but asking for help is okay—our human expertise ensures businesses stay secure in an ever-evolving threat landscape.

To listen to the podcast between Sophos field CTO Aaron Bugal and Cyber Daily’s Liam Garman, click here.
