Australia's 'zero tolerance' action plan on ransomware attacks
Our Australian friends vowed to get tough on ransomware and the people behind the often debilitating attacks on businesses and public agencies. Now the Australian Government has delivered.
The Ransomware Action Plan, unveiled today, will introduce criminal offences specifically targeted at ransomware attackers who use malware to lock up computer systems and data held on them, typically demanding payment for them to be released.
It will make it mandatory for companies with annual revenue of A$10 million or more and who fall victims to a ransomware operation, to report the attack to the authorities via a reporting regime that will be established following consultation with the industry.
The new measures will require legislative changes to accommodate four new provisions:
- Introducing specific mandatory ransomware incident reporting to the Australian Government
- Introducing a stand-alone offence for all forms of cyber extortion
- Introducing a stand-alone aggravated offence for cybercriminals seeking to target
critical infrastructure (as proposed to be regulated by the Security Legislation Amendment (Critical Infrastructure) Bill 2020)
- Modernising legislation to ensure that cyber criminals are held to account for their actions, and law enforcement is able to track and seize or freeze their ill-gotten gains
The new legislation is expected to pass in Australia's federal parliament after gaining agreement from a joint parliamentary committee earlier this month.
"We need to ensure that Australia remains an unattractive target for criminals and a hostile place for them to operate," Karen Andrews, Minister for Home Affairs, said in launching the action plan.
"Australia needs to remain agile and prepared to quickly stand up differing approaches over time. This approach will ensure that Australia can maintain a consistent and mature security posture to meet security objectives well into the future," she added.
The action plan also provides for the establishment of a multi-agency task force, Operation Orcus, which will be led by the Australian Federal Police and coordinate action against ransomware attackers.
You must be logged in in order to post comments. Log In