Australian regulators demand businesses report ransomware cyberattacks

Regulators in Australia have made it mandatory for local companies to alert the government of ransomware cyberattacks on their businesses. As per reports, this comes as a part of its national cybersecurity strategy, which is set to be released this month.

Businesses will be obliged to be fully transparent with their activities. However, this mandatory system would not be backed by a fine if a company fails to comply.

While the new system would still allow them to pay ransoms, the National Cyber Security Coordinator Air Marshal, Darren Goldie, has publicly discouraged companies to do so.

The government also plans on consulting the business community on its design before putting the system in place. The Minister for Home Affairs and Cyber Security, Clare O’Neil, specified saying: “We’ll create a ransomware playbook that will provide clear guidance to businesses and citizens on how to prepare for, deal with, and bounce back from ransom demands.”

The Ransomware Payments Bill 2021 was introduced by Labor in the Australian Senate to address the growing threat of the activity to local businesses and the economy.

Ransomware is described as malicious software that denies access to IT systems, rendering computers and files unusable, often accompanied by a threat to release sensitive data unless a ransom is paid.

The Australian Cyber Security Centre has identified it as a significant threat to the country’s businesses and governments, with potential costs to the Australian economy of up to $2.59billion annually.

In a speech discussing the same in the Australian Senate, Senator Urquhart cited several instances of ransomware attacks in Australia and abroad, including attacks on Nine Entertainment, UnitingCare, Eastern Health, and JBS Foods in Australia, and the Colonial pipeline in the United States.

Back when this bill was introduced in 2021, Urquhart had claimed that there was a lack of obligation or incentive for organisations to report ransomware attacks. This often leads to underreporting due to concerns about reputational harm, insurance implications, and legal liability, said the Senator.

It, therefore, proposed a mandatory notification scheme for ransomware payments. Entities intending to make a ransom payment would be required to notify the Australian Cyber Security Centre (ACSC) with details of the attack.

The scheme is aimed at collecting actionable threat intelligence and creating a more comprehensive understanding of the cybersecurity threat landscape. It is also expected to help in sharing de-identified intelligence with Australian businesses to improve cybersecurity, inform counter-actions by the ACSC or law enforcement, and enable targeted policy responses to protect Australian businesses and critical sectors.

The US Department of Justice had also announced doubling the size of its crypto crimes team in July in order to focus on combating ransomware crimes in the country. Australia, along with the US, has signed a pledge with 38 other countries to refuse ransomware payments going forward.

The move was a part of the International Counter Ransomware Initiative conference, which is an annual event that has also established other cooperative programs and pledges like agreements to improve sharing of information about the cryptocurrency accounts used to receive ransomware payments and so on.

According to blockchain data platform Chainalysis, crypto mining pools are often used to launder the funds acquired through exploits such as ransomware attacks. It claims to have observed an increase in the value sent from ransomware wallets to mining pools. In its report, the research firm also highlighted how an exchange wallet address had received $158.3m from ransomware addresses since 2018.