Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan,” which is a set of new measures the country will adopt in an attempt to tackle the rising threat.
Ransomware is a global problem, and Australian businesses aren’t excluded from costly service-disrupting attacks. In July, the government warned of an escalation of LockBit activity in the country.
According to a report from the Office of the Australian Information Commissioner (OAIC), in the first half of 2021, data breaches resulting from ransomware attacks grew by 24% compared to H2 2020.
To address the risk, the Australian government has approved a massive investment of AU $1.67 billion (USD $1.23 billion) over ten years through Australia’s Cyber Security Strategy 2020, with the ransomware plan a part of the initiative.
The highlights of the new Ransomware Action Plan include the following:
- The formation of a multi-agency taskforce named ‘Operation Orcus,’ led by the AFP (Australian Federal Police).
- The introduction of a mandatory ransomware incident reporting clause for all victimized entities.
- The establishment of awareness raising programs for businesses of all sizes.
- The introduction of harsher punishments for cyber extortionists and ransomware actors based in the country.
- Be more active in calling out states that facilitate ransomware attacks, or provide safe havens to cybercriminals.
- Actively track and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrimes.
The plan is backed by an investment of AU $164.9 ($121.2 million), with roughly half of it going to the employment of an additional 100 AFP agents. The new task force will undertake the role of identifying, investigating, and targeting cyber criminals.
Disrupting double-extortion schemes
To further strengthen the ability to conduct investigations and disrupt ransomware attacks, the government is looking to establish new powers through the Surveillance Legislation Amendment Act 2021.
Under this new legislation, the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) will have the power to delete or remove data linked to suspected criminal activity, permitting access to devices and networks and even allowing the take over of online accounts for investigation purposes.
These new powers will allow law enforcement to delete data stolen during ransomware attacks and stored on servers operated by the attackers for use in double-extortion schemes. By deleting the data, law enforcement hopes to prevent potential data breaches if a victim does not pay the ransom.
“to establish procedures for certain law enforcement officers of the Australian Federal Police or the Australian Crime Commission to obtain warrants and emergency authorisations that:
(i) authorise the disruption of data held in computers; and
(ii) are likely to substantially assist in frustrating the commission of relevant offences; and” – Surveillance Legislation Amendment Act 2021.
In terms of supporting the victims, the plan also includes AU $6.1 million ($4.5 million) that will go into helping businesses recover from catastrophic cyberattacks and train small and medium-sized companies on how to improve their cybersecurity stance.