Australia drops plans to ban ransomware payments in new national cyber strategy


Australia’s government dropped plans to ban businesses from making ransomware payments as part of its revamped national cybersecurity strategy released on Wednesday, opting instead to introduce a mandatory reporting obligation.

The strategy — published almost a year after the idea of criminalizing payments was touted by Clare O’Neil, the minister for home affairs and cybersecurity — follows several large security incidents affecting businesses in the country.

Costed at AU$587 million($382 million) over the next seven years, the new approach is intended to cut the AU$3 billion ($1.9 billion) in annual damages that ransomware is estimated to drain from Australia’s economy.

“We cannot continue as we have. We can’t have a situation where we have data flying around the country, where we have critical infrastructure starting to fail, where we have small business and citizens who are continually telling us they feel vulnerable and unable to cope with the cyberthreats themselves,” O’Neil told journalists in Sydney.

In the 64-page document, the government set out its plans to introduce new mandatory reporting obligations for businesses to disclose when they have been hit by a ransomware attack.

The underreporting of ransomware incidents is “limiting our national understanding of their true impact on the economy,” states the document, which explains that the “mandatory, no-fault, no-liability” obligation to disclose these incidents would improve this.

“Pending design, anonymised reports of ransomware and cyber extortion trends could be shared with industry and the broader community to help us take steps to build our national resilience against cybercrime,” it adds.

Among the highest-profile incidents to have affected Australians was a ransomware attack on Medibank last year, one of the country’s largest health insurance providers.

The attack resulted in sensitive health care claims data for around 480,000 individuals — including information about drug addiction treatments and abortions — being stolen and published online as part of the criminals’ attempt to extort the company.

O’Neil told journalists she would have preferred to ban ransomware payments altogether as a method to undercut the business model supporting the criminal ecosystem, and that the government would again consider whether it could be possible to introduce a prohibition on payments in two years time.

“Every time a ransom is paid, we are feeding the cybercrime problem. Now, we are in a situation in our country where it is clearly not the right time at this moment to ban ransoms, and that’s because we haven’t done the hard work,” she said, as reported by the Australian Financial Review.

In response to the Medibank attack and others last year, the Australian government announced a new permanent joint standing operation between the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) — the country’s cyber and signals intelligence agency — to tackle cybercrime.

This operation has been named Operation Aquila in the strategy document, which explains that the agencies will “use offensive cyber capability as a criminal investigation tool towards prosecution or disruption.”

Alongside Operation Aquila, the Australian government announced it was continuing to invest in Project REDSPICE — an AUS $10 billion ($6.5 billion) funding increase for the country’s cyber intelligence agency.

This boost in funding is intended “to build world-class, innovative offensive cyber capabilities that can deliver real world impact to deter, disrupt, degrade and deny cybercrime” and “triple Australia’s offensive cyber capabilities.”

The strategy said the details of these capabilities would remain classified.

Australia’s government has pledged, alongside dozens of other nations, to not pay ransoms when its own networks are attacked.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA

Next Post

Rebel offensive in Myanmar takes aim at online scam industry

Related Posts

Apple is ramping up its fight against malware

Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what's happening: Apple is now updating fundamental protection at a faster clip than it's ever done before.Apple’s security teams are alert That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9 Apple, has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.To read this article in full, please click here
Omega Balla
Read More

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days,"
Jason Macuray
Read More