Australia’s Ransomware Action Plan

On Wednesday (13 October 2021) the Minister for Home Affairs announced the release of the Australian Government’s Ransomware Action Plan, which outlines the capabilities and powers that Australia aims to use to combat ransomware and provides information on where victims can go for help.

“CREST Australia welcomes the Commonwealth’s initiative to tackle the ongoing scourge of ransomware,” said Nigel Phair, Chair of CREST Australia.   “CREST member companies are ideally situated to assist Australian organisations to reduce their likelihood of falling prey to such criminal activity.

“CREST’s ongoing work with governments worldwide to protect critical national infrastructure through bespoke intelligence-led security testing can also be leveraged by the Australian government to reduce ransomware.”

The plan introduces harsher punishments for all forms of cyberextortion and attempts to target critical infrastructure. It also criminalises the act of knowingly dealing with stolen data that has been obtained in the course of committing a separate criminal offence. It also criminalises buying or selling malware for the purposes of computer crimes.

Other highlights of the plan include:

A copy of the plan is available here Australian Government’s Ransomware Action Plan