New Bill to Mandate Ransomware Payment Reporting

By Samantha Cordell | June 23, 2021

On Monday 21 June, Shadow Assistant Minister for Cyber Security Tim Watts introduced a private member’s bill in federal parliament that would require businesses and government agencies to notify the Australian Cyber Security Centre (ACSC) before making a ransomware payment.

Prompted by “a spate of high-profile ransomware incidents that have resulted in payments being made”, the Ransomware Payments Bill 2021 would create a “ransomware payment notification scheme” that extends to all federal government entities and state and territory government agencies and corporations.

The new bill would require entities to disclose key details of the attack, including the attacker and their cryptocurrency wallet details, which the ACSC could then share in de-identified form through its threat sharing platform.

“It will require large businesses and government entities that choose to make ransomware payments to notify the ACSC before they make the payment,” Watts said, introducing the bill on Monday.

“This will allow our signals intelligence and law enforcement agencies to collect actionable intelligence on where this money is going so they can track and target the responsible criminal groups.

“We should be clear at this point. Ransoms should not be paid. Ever.

“Paying a ransom does not guarantee you’ll be able to quickly bring your systems back online or prevent further disruption, it does not guarantee your data won’t be leaked.

“What it does do is provide further resources to the criminal organisations mounting these attacks and create an incentive for them to carry out more attacks.

“But where organisations feel compelled to make these payments, government should be involved,” Watts said.

Diamond IT are monitoring the proposed Ransomware Notification Scheme closely and will provide further updates as they are released.

What is ransomware?

Ransomware is a type of malware that infects and restricts access to a computer system or files until a ransom is paid to unlock it.

Ransomware typically infects organisations through malicious email attachments (such as ZIP files, Word documents, PDFs or emails) that are designed to look legitimate and include a link to a site that infects the computer. These emails often appear to be sent from reputable companies such as banks or large retailers, in order to trick the user into opening the attachment.

How can Diamond IT support your cybersecurity needs?

We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Consulting team are specialists in improving your internal cybersecurity.


If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, contact our team on 1300 307 907.

*Transcript of Shadow Assistant Minister for Cyber Security Tim Watts introducing the bill sourced from itnews.

About Samantha Cordell

It is not surprising that our Head of Marketing, Samantha (Sam) has spent most of her (nearly) 30-year career in the IT industry. Sam studied a combination of computer science and marketing at the University of New England. Her dynamic, energetic and pragmatic style lends itself perfectly to tech. With a background working with major players such as Microsoft, Intel and Cisco Systems, Sam is energised by driving meaningful marketing outcomes for industry leaders.