Australian Government launches Ransomware Action Plan

Share

As ransomware attacks continue to disrupt services and steal from Australians, the Australian Government has launched the new Ransomware Action Plan to protect the country’s community and economy. 

The Ransomware Action Plan introduces new criminal offences, tougher penalties and a mandatory reporting regime in response to the 15% increase in reported ransomware attacks over the last year. 

“Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” Minister for Home Affairs Karen Andrews said. 

“That’s why the Morrison Government is taking action to disrupt, pursue and prosecute cybercriminals. Our tough new laws will target this online criminality, and hit cybercrooks where it hurts most – their bank balances.” 

Under the Ransomware Action Plan, the Australian Government will: 

  • Introduce a new stand-alone aggravated offence for all forms of cyber extortion. This will ensure increased maximum penalties, a stronger basis for investigations and prosecution of ransomware criminals; 
  • Introduce a new stand-alone aggravated offence for cybercriminals seeking to target critical infrastructure, increasing the penalties;
  • Criminalise the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence;
  • Criminalise the buying or selling of malware for the purposes of undertaking computer crimes; and 
  • Modernise legislation so that cyber criminals can’t benefit from their ill-gotten gains, and law enforcement can better track and seize or freeze cyber criminals’ financial transactions in cryptocurrency. 

Aside from these, the Australian Government will also develop a mandatory ransomware incident reporting regime. This will allow them to understand the threat better and provide proper support to victims of ransomware attacks.

The reporting regime will be designed to benefit and not burden small businesses. Businesses with a turnover of over $10 million per annum are expected to be subject to the regime. 

The Ransomware Action Plan also makes clear that the Australian Government does not condone ransom payments to cyber criminals, as there is no guarantee that hackers will restore information, stop their attacks, and not leak or sell stolen data.

The Plan follows the establishment of a new Australian Federal Police-led multi-agency operation that targets ransomware attacks that are linked directly to sophisticated organised crime groups operating in Australia and overseas.

The operation shares intelligence directly with the Australian Cyber Security Centre as they utilise their disruptive capabilities offshore. 

“The release of the Ransomware Action Plan is the latest in a long list of developments that have been rolled out since the Government’s $1.67 billion Cyber Security Strategy commenced in August last year. It builds on the Morrison Government’s strong track record fighting cybercrime,” Minister Andrews said. 

The Australian Government will now consult with the community, industry and interested stakeholders on the mandatory reporting regime and new criminal offences. 

Source: Minister for Home Affairs Media Release