Ninety‑eight percent of Australian organisations that had data encrypted reported they ultimately recovered it. Forty‑one percent said they paid the ransom and restored data that way, down from 66% a year earlier, while 67% used backups, compared with 72% in the previous survey period. The median ransom demand in Australia over the period was US$217,000, below the US$4.42 million median reported in 2024. Among respondents whose organisations paid and disclosed the amount, the median payment was US$350,000. On average, Australian organisations paid about 88% of the initial demand, with 52% paying less than first requested, 24% paying the same, and 24% paying more. Excluding any ransom payment, the mean cost to recover from a ransomware incident for Australian organisations was US$650,000, down from US$2.37 million in 2024. This figure covers downtime, staff time, device and network remediation, and foregone business. Recovery timelines also changed: 47% reported full recovery within a week, up from 36% the previous year, while 13% took between one and six months, down from 33%.