Prompted by "a spate of high-profile ransomware incidents that have resulted in payments being made", the Ransomware Payments Bill 2021 would create a “ransomware payment notification scheme” that extends to all federal government entities and state and territory government agencies and corporations.
The new bill would require entities to disclose key details of the attack, including the attacker and their cryptocurrency wallet details, which the ACSC could then share in de-identified form through its threat sharing platform.
“It will require large businesses and government entities that choose to make ransomware payments to notify the ACSC before they make the payment,” Watts said, introducing the bill on Monday.
“This will allow our signals intelligence and law enforcement agencies to collect actionable intelligence on where this money is going so they can track and target the responsible criminal groups,
“We should be clear at this point. Ransoms should not be paid. Ever,
“Paying a ransom does not guarantee you’ll be able to quickly bring your systems back online or prevent further disruption, it does not guarantee your data won’t be leaked.
“What it does do is provide further resources to the criminal organisations mounting these attacks and create an incentive for them to carry out more attacks.
“But where organisations feel compelled to make these payments, government should be involved.” Watts said.
Diamond IT are monitoring the proposed Ransomware Notification Scheme closely and will provide further updates as they are released.
Ransomware is a type of malware that infects and restricts access to a computer system or files until a ransom is paid to unlock it.
Ransomware typically infects organisations through malicious email attachments (such as zip files, word docs, pdf's or emails) that are designed to look legitimate and include a link to a site that infects the computer. These emails often appear to be sent from reputable companies such as banks or large retailers, in order to trick the user into opening the attachment.
We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Consulting team are specialists in improving your internal cybersecurity.
If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, contact our team on 1300 307 907.
*Transcript of Shadow Assistant Minister for Cyber Security Tim Watts introducing the bill sourced from itnews.