Ransomware-Payment Report Template for Legal Practices

From 30 May 2025, entities with AU$3m+ annual turnover or responsible for critical infrastructure must lodge a report to ASD within 72 hours of paying (or learning of) a ransom or other benefit.

Get a clear, compliant template to report any ransomware or cyber-extortion payment within 72 hours—designed for legal practices, and aligned to the Cyber Security Act 2024.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What’s in the template

What The Ransomware Payment Report Asks For From Businesses

Designed for fast, accurate lodgement with step-by-step fields and final checklist to confirm completeness.

Entity Identifiers

Legal name, ABN, registered address and primary contact details

Incident Timeline & Impact

When it occurred and was discovered, systems and data affected, customer impact, known malware/variant, initial entry point or vulnerability (if known)

Extortion Demand

What was requested, by whom (if known), channel used, and any payment destination details provided

Payment or Benefit Provided

Amount or value, method (e.g. cryptocurrency, transfer, service), date/time, and any transaction reference or hash

Communications Log

Timestamps and concise summaries of messages or negotiations with the extorting party or intermediaries

Submission Checklist

A final pass to confirm completeness and note any “not known at time of submission” items

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Learn more

Frequently Asked Questions

HIGH VISUAL PERFORMANCE

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

When do ransomware payment reporting obligations start in Australia?

30 May 2025. From this date, Part 3 of the Cyber Security Act 2024 requires eligible entities to lodge a ransomware or cyber extortion payment report within 72 hours.

Who must lodge a ransomware payment report under the Cyber Security Act 2024?

Any “reporting business entity”: a business carrying on business in Australia with annual turnover of AU$3 million or more, or a responsible entity for a critical infrastructure asset. If a third party pays on your behalf, the obligation still applies to you.

What is the deadline to report a ransomware or cyber extortion payment?

Within 72 hours of making the payment, or within 72 hours of becoming aware that a payment was made on your behalf.

Where do I lodge a ransomware payment report in Australia?

Through the Australian Signals Directorate portal on cyber.gov.au. The template on this page helps you collect the required details in the right order before lodgement.

How is information in a ransomware payment report used and protected?

Agencies may use it only for permitted purposes set out in the Act, such as assisting incident response. Legal professional privilege is preserved, and information is generally not admissible against your business in most proceedings. Voluntary briefings to the National Cyber Security Coordinator are subject to Limited Use protections.

Does this replace our normal incident response process?

No. Continue your incident plan for containment, recovery, notifications and any other legal or contractual duties. The template simply helps you prepare a complete ASD lodgement on time.

Protection and compliance solutions

Explore DefenderSuite Plans

Essential threat protection and baseline compliance for growing businesses needing reliable protection without complex management or high costs.

Advanced threat protection, email protection, and Level 1 Essential Eight alignment for businesses handling sensitive data and stricter requirements.

Comprehensive threat protection, privileged access controls, and Level 2 Essential Eight maturity for businesses at higher risk of targeted attacks.

Enterprise-grade threat protection, insider risk management, and Essential Eight Level 3 for businesses with sensitive, complex, regulated environments.

Need immediate assistance?

Speak with our Cybersecurity Experts today.

1300 93 77 49

Send us an email

We'll get back to you within 1 business day.

info@defendersuite.com.au

Let’s Talk About Your Business’s Cybersecurity

Compliance, data protection, or selecting the right plan — whatever your priority, our team will help you take the next step.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.