Fed govt to enforce ransomware reporting in cyber crackdown

The federal government will enforce mandatory ransomware reporting for businesses as part of a raft of reforms targeting cyber criminality. 

Under its new Ransomware Action Plan, the government will introduce a number of standalone criminal offences against all forms of cyber extortion, with criminals using ransomware set to face increased maximum penalties.

A new criminal offence has also been created for people that target critical infrastructure with ransomware, alongside dealing with stolen data knowingly obtained from a separate hack. 

The plan includes the criminalisation of buying or selling of malware for the purposes of undertaking computer crimes. 

The government also plans to "modernise” its current legislation in order for law enforcement to gain a better handle on tracking and seizing financial transactions in cryptocurrency. 

During financial year 2021, the number of cyber attack reports rose 13 per cent to more than 67,500, resulting in self-reported financial losses totalling more than $33 billion. 

According to the Australian Cyber Security Centre, ransomware attacks increased 15 per cent, with COVID-19 playing a major role in the number of reported scams.

“Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” Minister for Home Affairs Karen Andrews said. 

“Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses." 

Andrews added the measures would hit cyber criminals "where it hurts most – their bank balances”. 

To help enforce the new legislation, the government has launched a multi-agency operation targeting cyber crime groups, both in Australia and overseas, which will be spearheaded by the Australian Federal Police. 

The agencies will "share intelligence directly with the Australian Cyber Security Centre as they utilise their disruptive capabilities offshore," Andrews claimed.  

The plan comes almost a year after the government launched its 2020 Cyber Security Strategy, on which it is spending $1.67 billion over the next 10 years.

Almost half of this will be pumped into bolstering the Australian Signals Directorate (ASD) by investing $469.7 million into the recruitment of 500 additional cyber security specialists.