Australia now has a ransomware action plan. Well, it has a 16-page document that tells us how bad ransomware is and that combatting it starts with prevention. It also declares that the Australian government does not condone ransom payments being made to cybercriminals and it wants to know when you’ve been stung.
The ransomware plan was released on Wednesday. It includes a note from our Home Affairs Minister that says:
“Any ransom payment, small or large, fuels the ransomware business model, putting other Australians at risk. Paying ransoms does not guarantee access to locked systems or sensitive data, and may open the victim up to repeat attacks. We need to ensure that Australia remains an unattractive target for criminals and a hostile place for them to operate.”
Karen Andrews said Australia takes a zero tolerance approach to ransomware.
On the tangible side, the ransomware plan points to the already announced (and severely lacklustre) 2020 Cyber Security Strategy, cooperating with international counterparts, developing a National Plan to Combat Cybercrime, giving businesses cyber advice and forging ahead with legislation that requires companies operating in Australia that are considered ‘critical infrastructure’ to let the government into their networks. Oh yep, that’s a thing. It’s working its way through Aussie Parliament as we speak.
Speaking of legislation, the ransomware plan also says it will bolster the powers of the Australian Federal Police and Australian Criminal Intelligence Commission to identify individuals and their networks engaging in serious criminal activity on the dark web. This will be done through the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021, also known as the ‘hacking bill’.
Law enforcement will also be given more power to investigate and seize ransomware payments.
The ransomware plan says the government will also be providing support services through IDCARE (a non-profit that helps Aussies and Kiwis with cyber things) to support Australians if they have been a victim of cybercrime.
The ‘do not pay’ position is a little different to what Labor would do if it were in charge. Labor’s Ransomware Payments Bill 2021 would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack.
Unlike Andrews’ approach, the Labor one wouldn’t outright say ‘do not pay’. Andrews’ approach, however, does make it mandatory to report the ransomware incident to the Australian government.
Under the government’s ransomware plan, organisations or people that help victims pay ransom may actually be committing criminal offences.