Australia’s Home Secretary announced the Australian Government’s Ransomware Action Plan, which is a set of new measures the country will adopt in an attempt to deal with the growing threat.
Ransomware is a global problem and Australian businesses are not excluded from costly attacks disrupting services. In July, the government warned of an escalation of LockBit activity in the country.
According to a report by the Office of the Australian Information Commissioner (OAIC), in the first half of 2021, data breaches resulting from ransomware attacks increased by 24% compared to H2 2020.
To deal with the risk, the Australian government approved a massive investment of A $ 1.67 billion (US $ 1.23 billion) over ten years as part of Australia’s Cyber Security Strategy 2020, with the ransomware plan making part of the initiative.
The highlights of the new ransomware action plan are as follows:
- The formation of a multi-agency working group called “Operation Orcus”, led by AFP (Australian Federal Police).
- The introduction of a mandatory ransomware incident reporting clause for all victim entities.
- The implementation of awareness programs for companies of all sizes.
- Introducing tougher penalties for cyber extortionists and ransomware actors based in the country.
- Be more active by exposing states that facilitate ransomware attacks or provide havens for cybercriminals.
- Actively track and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrime.
The plan is backed by an investment of AU $ 164.9 ($ 121.2 million), of which about half goes to employ 100 additional AFP officers. The new task force will take on the role of identifying, investigating and targeting cybercriminals.
Disrupting Double Extortion Patterns
To further strengthen the ability to investigate and disrupt ransomware attacks, the government is seeking to establish new powers through the Surveillance Law Amendment Act 2021.
Under this new legislation, the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) will have the power to delete or delete data related to suspected criminal activity, allowing access to devices and networks. and even taking control of online accounts. for investigative purposes.
These new powers will allow law enforcement to delete data stolen in ransomware attacks and stored on servers exploited by attackers for use in double extortion schemes. By deleting the data, law enforcement hopes to prevent possible data breaches if a victim does not pay the ransom.
“Establish procedures for certain Australian Federal Police or Australian Crime Commission law enforcement officers to obtain emergency warrants and clearances who:
(i) authorize the disruption of data contained in computers; and
(ii) are likely to make a substantial contribution to preventing the commission of relevant offenses; and ”- Law of 2021 amending the legislation on surveillance.
In terms of victim support, the plan also includes A $ 6.1 million ($ 4.5 million) that will help businesses recover from catastrophic cyber attacks and train small and medium-sized businesses on how to improve. their position on cybersecurity.
The announcement of Australia’s new ransomware action plan is in line with what international allies are doing to tackle the problem, with only Russia and China being left out of the talks.
Not only are these two countries’ efforts to tackle cybercrime unconvincing, they have also been repeatedly and openly accused of supporting some of the most damaging attacks of this type.
- Australia passes surveillance bill that allows police to take over accounts, edit and delete data
- Hacker Takes Credit for 54 Million T-Mobile Data Breaches, Calls Security ‘Horrible’
- JVCKenwood hit by Conti ransomware for 1.5TB data theft
- Ransomware gang threatens to leak data if victim contacts FBI and police
- US sanctions cryptocurrency exchange used by ransomware gangs