Companies across Australia may soon be banned from paying hackers if they fall victim to data breaches as the federal government examines whether new laws are needed to stop ransom payments in the wake of the Medibank and Optus data breaches. 

Minister for Home Affairs Clare O’Neil states that while short-term successes were needed in cyber security reform, other long-term outcomes such as banning ransom payments were being considered. 

“The way we’re thinking about the reform task … is a bunch of quick wins, things that we can do fast, and the standing up for the new police operation is one of those,” Minister O’Neil said.  

“There’s some really big policy questions that we’re going to need to think about and consult on, and we’re going to do that in the context of the cyber security strategy. We’ll have a look at (making ransom payments illegal).” 

The Minister’s announcement of making ransom payments illegal follows the federal government’s high-tech policing operation that is targeting the network of hackers behind the Medibank attack, which stole the medical histories and private information of customers. 

Minister O’Neil said Medibank was right not to pay the ransom demanded by the hackers. 

“I have never seen people that lack a moral code so clearly than the hackers who are releasing data about Australians online,” she said. 

“The idea we’re going to… trust these people to delete data they have taken off and may have copied a million times is just, frankly, silly… we don’t want to fuel the ransomware business model.” 

It was confirmed last Friday that Russian criminals were behind the attack on Australia’s largest private health insurer. 

Following this, a 100 officer-strong, standing cybercrime operation targeting hackers will be led by the AFP and Australian Signals Directorate. 

“This is Australia standing up and punching back,” Minister O’Neil said. 

“We are not going to sit back while our citizens are treated this way and allow there to be no consequences for that. We are offensively going to find these people, hunt them down and debilitate them before they can attack our country.” 

The Minister also said that the response to cyber offences needed to be improved, with institutions like NAB receiving 50 million attacks a month and the tax office three million a month. 

“I don’t think anyone can promise cyber attacks are going to go away and one of the things people need to understand is really how relentless this is,” she said. 

Nationals leader David Littleproud said he wanted to work closely with the federal government to speed up passage of legislation to ensure better cyber security measures and larger fines for companies. 

“Let’s work together and get this right because this is people’s private data being shared on the dark web for reasons that shouldn’t be put out there,” he said. 

“There’s an opportunity to actually expedite it. We’re saying to the government let’s see the urgency in this.” 

Minister O’Neil said there needed to be a mechanism to make sure companies only held data while it was useful and then dispose of it. 

With AAP 

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.

• Developing an effective data ecosystem
• The journey of building an ecosystem through data
• NZ government strengthens data privacy laws against third parties
• eSafety Commissioner issues legal notice against Twitter