The measure takes a firm stance against ransomware payments: Interior minister
The country has decided to introduce tougher penalties for cybercriminals after last year’s surge in cyberattacks against critical Australian infrastructure, including high-profile businesses and government agencies. “Ransomware Action Plan”.
These new sets of measures criminalize the sale of stolen data and the purchase of malware for computer crime purposes, discourage victims from paying cyber-attack ransoms, and allow international cybercriminals to use their funds. It is trying to stop them from targeting Australian institutions by controlling the flow. Enter the world of ransomware.
“Ransomware Action Plan stands firm — Australian government won’t tolerate ransom payments to cybercriminalsHome Secretary Karen Andrews Said.
“Ransom payments, big and small, fuel ransomware business models and put other Australians at risk,” she added.
Operation Orcus, a multi-agency task force known for providing recommendations that lead to action plans, was established by the Australian government earlier this year to address the growing number of ransomware attacks.
Australian companies and institutions such as Uniting Care Queensland, brewer Lion, Nine Entertainment and NSW Labor Party were attacked last year by malware deployments such as REvil and DarkSide, mostly by Russian cybercriminals. They encrypted or stole sensitive information during these attacks and demanded a ransom in cryptocurrencies.
As part of these measures, the Ransomware Action Plan empowers authorities to seize or freeze crypto transactions related to cybercrime, regardless of the country of origin.
The plan also aims to work with governments to modernize current laws to provide authorities with tools to track and recover funds stolen by cybercriminals.
While these measures are currently being developed, the Security Act Amendments 2020 (Critical Infrastructure) Bill is already under consideration in the Australian Parliament. Security law changes seek to increase governments’ ability to take action against cybercriminals and require victims to report ransomware attacks.