Australian Government releases Ransomware Action Plan

By Glendin Franklin-Browne | October 14, 2021

Ransomware Action Plan On 13 October 2021, Minister for Home Affairs, Karen Andrews announced the Australian Government's Ransomware Action Plan.

Prompted by a 15 per cent increase in the number of ransomware attacks reported to the Australian Cyber Security Centre in the past 12 months, the Ransomware Action Plan follows the Ransomware Payments Bill 2021 that was introduced to federal parliament earlier this year.  

The Australian Government says it will be investing $1.67 billion over 10 years through Australia’s Cyber Security Strategy 2020 to "build new cybersecurity and law enforcement capabilities, protect the essential services upon which we all depend, assist businesses to protect themselves and raise the community’s understanding of how to be secure online."

The approach promises to ensure that Australia can "maintain a consistent and mature security posture to meet security objectives well into the future."

"Put simply – Australia takes a zero-tolerance approach to ransomware." Karen Andrews said.

We've summarised the key commitments and objectives of the new plan for our customers, below.


Key commitments of the Ransomware Action Plan

The plan outlines the capabilities and powers that Australia will use to combat ransomware, providing additional information on where organisations that have fallen victim to ransomware attacks can go for help.​


  • The plan will also roll out a new mandatory ransomware incident reporting regime, which would require organisations with a turnover of over $10 million per year to formally notify the government if they experience a cyber attack.
  • New criminal charges will be introduced for cybercriminals who target critical infrastructure, deal in stolen data, and the buying or selling of malware.
  • The plan will see the government work to introduce additional legislative reforms that potentially allow law enforcement to track, seize or freeze ransomware gangs' proceeds of crime.
  • As part of the plan, a multi-agency taskforce led by the Australian Federal Police, called "Operation Orcus" has been created.


What are the objectives of the Ransomware Action Plan?

The Ransomware Action Plan is built on three objectives to deliver initiatives in the immediate and mid-term.

Objective 1: Prepare & Prevent

The government says that preparation and prevention are "at the forefront of managing the risk of ransomware attacks."

While maintaining a number of current and immediate initiatives, the plan promises to implement a number of future preparatory and prevention initiatives to combat ransomware, including:

  • Strengthening information sharing mechanisms;
  • Providing advice for critical infrastructure, large businesses and small to medium enterprises; and
  • Supporting initiatives to actively prevent known malicious cyber threats from reaching Australian consumers and businesses.

Objective 2: Respond & Recover

Strengthened response mechanisms for ransomware victims will help protect Australia and reduce the incentive to pay ransoms. The government says that ransomware perpetrators "should not be rewarded for their actions, and effective response initiatives must adopt a nationally consistent approach that provides incentives to victims to consider alternatives before paying ransoms."

As mentioned above, the respond and recover objective will introduce:

  • Legislative reforms to ensure law enforcement can investigate and seize ransomware payments; and
  • Legislative reforms to specifically mandate ransomware incident reporting to the Australian Government.

Objective 3: Disrupt & Deter

Engaging in disruption and deterrence measures directly aimed at ransomware perpetrators is a key aspect of Australia’s arsenal. This is achieved through cyber offensive capabilities and deterring cybercriminal strategies and business models. 

The disrupt and deter objective promises to:

  • Invest in joint operations with international counterparts to strengthen shared capabilities to detect,
    investigate, disrupt and prosecute malicious cyber actors that engage in ransomware;
  • Actively call out states who support or provide safe havens to cybercriminals; and
  • Tackle cryptocurrency transactions associated with the proceeds of ransomware crimes.


Let's fight Ransomware together

We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Consulting team are specialists in improving your internal cyber security.

If you need advice on how you can ensure your cyber security strategy is fit for purpose, contact our team on 1300 307 907.

Let's Talk Today

Download your free cyber security checklist

TAGS: News and General, Cyber Security,

About Glendin Franklin-Browne
Glendin Franklin-Browne

Glendin Franklin-Browne is Diamond IT's Business Technology Consulting Manager, and a practical cybersecurity specialist who is passionate about partnering with businesses to elevate their technology and cybersecurity strategy. With a diverse career in the technology industry spanning more than 25 years, Glendin is passionate about working with forward-thinking business leaders to create strategic technology roadmaps, improve cybersecurity posture and increase productivity.