Cybercriminals who use ransomware will face stiffer penalties as the federal government clamps down on those who attempt to extort Australian companies.
The Australian Cyber Security Center reported in September that it had received over 500 reports of ransomware cybercrime in 2020-2021, an increase of 15%. Cyber ransoms have become "one of the biggest threats to Australian organizations", according to the report.
In ransomware attacks, criminals hack and take a company's data, and hold it hostage until a ransom is paid.
Home Secretary Karen Andrews has said ransomware gangs are attacking businesses, individuals and critical infrastructure.
"The theft and retention of private and personal information for ransom costs victims time and money, disrupting lives and small business operations," she said.
The government plan will introduce a new stand-alone offense for cyber extortion; a new stand-alone offense for criminals who target critical infrastructure; the criminalization of the processing of stolen data, as an offense distinct from the taking of data; and the criminalization of the purchase or sale of malware for computer crimes.
The plan will also update legislation so that "cybercriminals cannot realize and benefit from their ill-gotten gains", with more powers for law enforcement to freeze financial transactions.
Businesses with turnover exceeding $10 million per year that are affected by ransomware will also be required to report the incident.
This week, the Cyber Security Cooperative Research Center explained how, faced with an online ransom demand, Australian companies are increasingly turning to shady "ransom brokers" and coughing up money that keeps criminals alive.
The center wants to starve these cybercriminals - to "make them hungry".
Rachael Falk, CEO of the research center, said cyber insurance is a booming industry in Australia and that insurance companies often used third-party brokers to negotiate and pay the ransom, usually in bitcoin.
Once a company discovered that it had been hacked and its data stolen, it needed someone to engage with the cybercriminal.
"If you are insured and covered against cyber extortion, the company will want to get involved ... they guide you then," said Falk.
"They go through these third-party brokers who work in the shadows. Not much is known about them. They negotiate the price. They won't reveal much, but we do know that they probably know who the most notorious cybercriminals are."
Such brokers have always existed in the real world, said Falk, handling kidnapping situations. But now they were working in the online world, where ransomware was rampant and payment demands for the safe return of stolen data were booming.
The new report from the center - titled Underwritten or oversold? How cyber insurance can hamper (or help) cybersecurity in Australia - argues that the cyber insurance industry lacks transparency. It often includes exclusions for "losses resulting from an act of terror or war", but can be vague on what that means.
It also often includes coverage for extortion and ransom payments, which are used to "fuel the criminal enterprise of ransomware gangs, especially those that prey on insured organizations."
"We want to make Australia a more difficult [place to] target," Falk said.
"Paying the ransom only feeds the cybercriminals' food chain. It's like the police are paying thieves to get your furniture back."
Falk said the smartest move for businesses was to better protect their systems and back up data so they could get back on track. Hackers had an additional avenue for extortion if they discovered embarrassing information or threatened to release clients' private details, she warned.
The federal government's new plan to tackle ransomware gangs says the government "does not tolerate ransom payments to cybercriminals". "There is no guarantee that payment will result in the recovery of your data, that the data will not be resold or that you will no longer be attacked", the report says.