Globally, it is estimated that there is a ransomware attack on a business every 11 seconds. Ransomware is a pervasive type of cybercrime which can impact individuals, businesses and critical infrastructure.
Australia’s Ransomware Action Plan seeks to ensure that Australia is a hard target for cybercriminals. This article explores what ransomware is, why Australia is an attractive target, and the key objectives that comprise the Ransomware Action Plan.
What is ransomware?
Ransomware is a form of malware, or intrusive software, that can steal data or cause damage to a computer or computer system. Ransomware encrypts a target’s files so they can no longer be accessed. A ransom, usually in the form of a cryptocurrency, is demanded to restore access to the files. Criminals may also threaten to publish sensitive information if a ransom is not paid.
Paying a ransom does not guarantee recovery of data, and only helps promote ransomware as a profitable criminal enterprise.
Why is Australia an attractive target?
The Australian Cyber Security Centre (ACSC) has reported a 15% increase in ransomware attacks over the past 12 months.
Australian organisations present an attractive target to transnational, organised cybercrime syndicates due to Australia’s relative wealth, high levels of online connectivity, and increasing delivery of services through online channels.
Case study
In early 2019, a specialist unit within a Melbourne hospital was the target of a significant ransomware attack. Sensitive health information from 15,000 patients was encrypted and made inaccessible to staff for a duration of three weeks. The perpetrators demanded a ransom be paid in cryptocurrency in exchange for the files to be decrypted and to allow staff to regain access to the information.
It was reported that a payment was made however not all files were recovered.
Australia’s Ransomware Action Plan
Australia’s Ransomware Action Plan complements its Cyber Security Strategy 2020 which details a $1.67 billion investment over 10 years to build new cybersecurity and law enforcement capabilities, protect essential services, assist businesses to protect themselves, and educate the community about how to be secure online.
The key objectives of the Ransomware Action Plan are:
- Prepare and Prevent.
- Respond and Recover.
- Disrupt and Deter.
Objective 1: Prepare and Prevent
This objective focuses on building Australia’s resilience to ransomware attacks. Key initiatives include:
- ACSC educational initiatives such as the Ransomware Prevention and Protection Guide.
- Public awareness campaigns.
- Partnership programs and information sessions.
- The 2021 International Cyber and Critical Technology Engagement Strategy with $20.5 million to strengthen resilience in Southeast Asia and $17 million to boost capability, including fighting cybercrime, in the Pacific.
- Uplifting the cyber security posture of Australia’s critical infrastructure and systems of national significance through the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and revitalised Trusted Information Sharing Network.
The Australian government is also considering legislative changes, voluntary measures and incentives to strengthen cyber security across the digital economy.
Objective 2: Respond and Recover
This objective focuses on strengthening responses to ransomware attacks by ensuring support is available to victims. Key initiatives include:
- The ACSC’s ReportCyber which allows Australian businesses or individuals to report a cyber incident, including a ransomware attack.
- The Notifiable Data Breaches scheme under the Privacy Act 1988 which requires Australian government agencies and certain Australian businesses to report ransomware attacks that involve a breach of personal information likely to result in serious harm.
- Providing $6.1 million for support services through IDCARE to support Australians if they have been a victim of cybercrime.
- Educating industry, businesses and the community on how to respond to an incident, including clearly stating that the Australian government does not condone the payment of a ransom to cybercriminals.
Future and ongoing work to support response initiatives includes legislative reforms to ensure law enforcement can investigate and seize ransomware payments, and legislative reforms to specifically mandate ransomware incident reporting to the Australian government.
Objective 3: Disrupt and Deter
This objective focuses on disrupting cybercriminals through deterrence and offensive action by strengthening Australia’s criminal law regime and increasing the risk of ransomware gangs being caught. Key initiatives include:
- Establishing a new multi-agency law enforcement operation (Operation Orcus) led by the Australian Federal Police (AFP) to crack down on the rising ransomware threat, both in Australia and overseas.
- Strengthening Australia’s capability to counter cybercrime through a $164.9 million investment, including $89.9 million to equip the AFP with an additional 100 personnel to target cybercriminals.
- Establishing new powers through the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021, to equip the AFP and the Australian Criminal Intelligence Commission (ACIC) to identify individuals and their networks engaging in serious criminal activity on the dark web through network activity, data disruption and account takeover warranted powers.
- Utilising the offshore offensive cyber capabilities of the Australian Signals Directorate (ASD) to disrupt foreign cybercriminals targeting Australian households and businesses.
- Working with international partners to coordinate international disruption effort.
Future and ongoing work to build disruption and deterrence initiatives include:
- Legislative reforms to ensure that harsher penalties apply to those who engage in ransomware.
- Joint operations with international counterparts to strengthen shared capabilities to combat ransomware.
- Actively calling out states who support or provide safe havens to cybercriminals.
- Tackling cryptocurrency transactions associated with the proceeds of ransomware crimes.
Key takeaways
Ransomware presents a significant threat to Australia due to its wealth and degree of online connectivity. Australia’s Ransomware Action Plan focuses on building Australia’s resilience to ransomware attacks, supporting victims and ensuring that they know how to respond to an attack, and disrupting cybercriminals through deterrence and offensive action. Looking to the future, Australia is considering legislative reforms to strengthen cyber security, bolster law enforcement powers, and increase penalties for those engaging in ransomware.