Australian Government releases Ransomware Action Plan

On 13 October 2021, Minister for Home Affairs, Karen Andrews announced the Australian Government's Ransomware Action Plan.

Prompted by a 15 per cent increase in the number of ransomware attacks reported to the Australian Cyber Security Centre in the past 12 months, the Ransomware Action Plan follows the Ransomware Payments Bill 2021 that was introduced to federal parliament earlier this year.  

The Australian Government says it will be investing $1.67 billion over 10 years through Australia’s Cyber Security Strategy 2020 to "build new cybersecurity and law enforcement capabilities, protect the essential services upon which we all depend, assist businesses to protect themselves and raise the community’s understanding of how to be secure online."

The approach promises to ensure that Australia can "maintain a consistent and mature security posture to meet security objectives well into the future."

"Put simply – Australia takes a zero-tolerance approach to ransomware." Karen Andrews said.

We've summarised the key commitments and objectives of the new plan for our customers, below.

Key commitments of the Ransomware Action Plan

The plan outlines the capabilities and powers that Australia will use to combat ransomware, providing additional information on where organisations that have fallen victim to ransomware attacks can go for help.​

Additionally:

• The plan will also roll out a new mandatory ransomware incident reporting regime, which would require organisations with a turnover of over $10 million per year to formally notify the government if they experience a cyber attack.
• New criminal charges will be introduced for cybercriminals who target critical infrastructure, deal in stolen data, and the buying or selling of malware.
• The plan will see the government work to introduce additional legislative reforms that potentially allow law enforcement to track, seize or freeze ransomware gangs' proceeds of crime.
• As part of the plan, a multi-agency taskforce led by the Australian Federal Police, called "Operation Orcus" has been created.

What are the objectives of the Ransomware Action Plan?

The Ransomware Action Plan is built on three objectives to deliver initiatives in the immediate and mid-term.

Objective 1: Prepare & Prevent

The government says that preparation and prevention are "at the forefront of managing the risk of ransomware attacks."

While maintaining a number of current and immediate initiatives, the plan promises to implement a number of future preparatory and prevention initiatives to combat ransomware, including:

• Strengthening information sharing mechanisms;
• Providing advice for critical infrastructure, large businesses and small to medium enterprises; and
• Supporting initiatives to actively prevent known malicious cyber threats from reaching Australian consumers and businesses.

Objective 2: Respond & Recover

Strengthened response mechanisms for ransomware victims will help protect Australia and reduce the incentive to pay ransoms. The government says that ransomware perpetrators "should not be rewarded for their actions, and effective response initiatives must adopt a nationally consistent approach that provides incentives to victims to consider alternatives before paying ransoms."

As mentioned above, the respond and recover objective will introduce:

• Legislative reforms to ensure law enforcement can investigate and seize ransomware payments; and
• Legislative reforms to specifically mandate ransomware incident reporting to the Australian Government.

Objective 3: Disrupt & Deter

Engaging in disruption and deterrence measures directly aimed at ransomware perpetrators is a key aspect of Australia’s arsenal. This is achieved through cyber offensive capabilities and deterring cybercriminal strategies and business models. 

The disrupt and deter objective promises to:

• Invest in joint operations with international counterparts to strengthen shared capabilities to detect,
  investigate, disrupt and prosecute malicious cyber actors that engage in ransomware;
• Actively call out states who support or provide safe havens to cybercriminals; and
• Tackle cryptocurrency transactions associated with the proceeds of ransomware crimes.

Let's fight Ransomware together

We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Consulting team are specialists in improving your internal cyber security.

• Cyber Security Awareness Training 
• Cyber and Data Breach consulting and forensic analysis
• Disaster Recovery (DR) planning 

If you need advice on how you can ensure your cyber security strategy is fit for purpose, contact our team on 1300 307 907.