Australia announces Ransomware Action Plan: Key Takeaways
The Australian Home Minister has announced the “Ransomware Action Plan.” It is a series of new steps that the country will use to combat the global danger of ransomware, Bleeping Computer reported.
The plan will create a new agency to deal with ransomware incidents, further awareness programs, etc.
Key Takeaways from the Action Plan
According to the Office of the Australian Information Commissioner (OAIC), data breaches caused by ransomware attacks increased by 24% in the first half of 2021 compared to the second half of 2020.
The key highlights include the following:
- The formation of a multi-agency taskforce named ‘Operation Orcus,’ led by the AFP (Australian Federal Police).
- The introduction of a mandatory ransomware incident reporting clause for all victimized entities.
- The establishment of awareness-raising programs for businesses of all sizes.
- The introduction of harsher punishments for cyber extortionists and ransomware actors based in the country.
- Be more active in calling out states that facilitate ransomware attacks, or provide safe havens to cybercriminals.
- Actively track and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrimes.
The plan is backed by an AU $164.9 million ($121.2 million) investment. The AFP will also hire additional 100 agents with the fund. The new task force’s mission will be to identify, investigate, and ‘targeting’ cyber offenders.
The Surveillance Legislation Amendment Act
The government is also trying to establish additional authorities through the Surveillance Legislation Amendment Act 2021. The law will help increase the ability to conduct investigations and thwart ransomware attacks.
The Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) will be able to delete or remove data linked to suspected criminal activity, gain access to devices and networks, and even take control of online accounts for investigation purposes under this new legislation.
Law enforcement will be able to remove data stolen during ransomware attacks and stored it on attacker-controlled servers for use in double-extortion schemes with these new powers. If a victim does not pay the ransom, law enforcement intends to prevent data breaches by deleting the data.
In terms of assisting victims, the plan includes AU $6.1 million ($4.5 million) to assist firms in recovering from catastrophic breaches. It also includes training small and medium-sized organizations on how to enhance their cybersecurity posture. The U.S. has also issued an online helpline to support ransomware victims.
Action against ransomware around the world
The INTERPOL Secretary-General recently termed the state of affairs to be a “ransomware pandemic“. While the U.S. Treasury Department’s advisory says that ransomware payments reached over $400 million in 2020, Chainalysis reported that criminals made $350 million in 2020 from ransomware payments. It shows an increase of 311% in one year. Palo Alto Networks reported an increase in ransomware payments by nearly 171%. In May 2021, the Darkside ransomware gang reportedly made $90 million in merely 9 months of operation.
According to a report by Check Point Research, India is the most ransomware-affected nation in 2021. 74% of Indian companies were hit by ransomware attacks in 2020.
The U.S. issued guidance to investigate ransomware & terrorist attacks alike. The US House Committee on Homeland Security also passed five bipartisan bills to strengthen defence capabilities.
Last week, a multi-national initiative hacked into and took down the notorious REvil ransomware group. Earlier, the FBI retrieved Bitcoins paid as ransom in the Colonial Pipeline incident.
Do subscribe to our Telegram group for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.