Australia’s Ransomware Action Plan
On Wednesday (13 October 2021) the Minister for Home Affairs announced the release of the Australian Government’s Ransomware Action Plan, which outlines the capabilities and powers that Australia aims to use to combat ransomware and provides information on where victims can go for help.
“CREST Australia welcomes the Commonwealth’s initiative to tackle the ongoing scourge of ransomware,” said Nigel Phair, Chair of CREST Australia. “CREST member companies are ideally situated to assist Australian organisations to reduce their likelihood of falling prey to such criminal activity.
“CREST’s ongoing work with governments worldwide to protect critical national infrastructure through bespoke intelligence-led security testing can also be leveraged by the Australian government to reduce ransomware.”
The plan introduces harsher punishments for all forms of cyberextortion and attempts to target critical infrastructure. It also criminalises the act of knowingly dealing with stolen data that has been obtained in the course of committing a separate criminal offence. It also criminalises buying or selling malware for the purposes of computer crimes.
Other highlights of the plan include:
- A new multi-agency taskforce – ‘Operation Orcus,’ led by the Australian Federal Police.
- The introduction of a mandatory ransomware incident reporting.
- The establishment of awareness raising programs for businesses.
- Be more active in calling out states that facilitate ransomware attacks or provide safe haven for cybercriminals.
- Actively track and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrimes.
A copy of the plan is available here Australian Government’s Ransomware Action Plan