Australian government releases anti-ransomware action plan

Australia’s Home Affairs Minister has announced the “Australian Government’s Ransomware Action Plan”, a series of new measures the country will take in response to the growing threat. The Ransomware Action Plan takes a decisive stance – that the government will not allow ransom payments to cybercriminals. Any ransom payment will only fuel the ransomware business model. The Australian government has zero tolerance for ransomware attacks.

Government’s stance against ransomware attacks is clear

“We continue to observe cybercriminals successfully using ransomware to disrupt services and steal data from Australians,” Home Affairs Minister Karen Andrews said in the foreword to the action plan. “Whether it’s targeting critical infrastructure, targeting small businesses, or Ransomware is used by cybercriminals to cause real and lasting harm to Australians by targeting the most vulnerable members of our community. In response, the Australian Government is taking concrete action to protect Australians, including working with our international and business partners , to combat this global threat.”

“Criminals attack simultaneously, exploiting or stealing as many victims as possible. Australia has faced a 15 per cent increase in ransomware attacks over the past 12 months, according to the Australian Cyber ​​Security Centre. In the future of a modern and leading digital economy, safety, security and trust in the web-enabled systems we all depend on have never been more important.”

The Ransomware Action Plan has taken a decisive stance – the Australian government will not allow ransom payments to cybercriminals. Any ransom payment, big or small, fuels the ransomware business model and puts other Australians at risk. Paying the ransom does not guarantee access to locked systems or sensitive data, and may expose victims to repeated attacks.

Government authorities need to ensure that Australia remains an unattractive target for criminals and a hostile place for their activities.

Recognising that there have been several cyber and ransomware operations, the changing nature of this threat means Australia needs to remain nimble and be prepared to rapidly adopt different approaches over time. This approach will ensure that Australia can maintain a consistent and mature security posture, well-positioned to achieve its security objectives in the future.

Simply put, Australia has zero tolerance for ransomware.

Ransomware is a global problem and Australian businesses have not been left out of costly service disruption attacks. In July, the government warned of escalating LockBit activity in the country.

According to a report by the Office of the Australian Information Commissioner (OAIC), data breaches caused by ransomware attacks increased by 24% in the first half of 2021 compared to the second half of 2020.

In response to the risk, the Australian government has approved a massive 1.67 billion Australian dollar ($1.23 billion) ten-year investment through Australia’s 2020 Cybersecurity Strategy, of which the ransomware program is part.

New Ransomware Action Plan Key Highlights

The core content of the anti-ransomware action plan released by the Australian government has three parts, namely preparation and prevention, response and recovery, destruction and deterrence, and the key highlights are as follows:

A multi-agency task force called Operation Okus was formed, led by the AFP (Australian Federal Police).

Introduce mandatory ransomware incident reporting provisions for all victimized entities.

Create awareness programs for businesses of all sizes.

Implement tougher penalties for cyber extortionists and ransomware perpetrators in the country.

More aggressive calls to sanction countries that facilitate ransomware attacks or provide safe havens for cybercriminals.

Actively track and block cryptocurrency transactions that are confirmed to be linked to ransomware operations or other cybercrimes.

By complementing a range of existing initiatives, it will ensure cybercriminals and ransomware have no place in Australia, the action plan’s future outlook says. The government will:

– take action to make it a firm target for criminals seeking to damage and profit from Australian businesses and individuals;

– more action against criminals targeting Australia with ransomware; and

– Build better resilience by reviewing existing regulations and strengthening safeguards, while further punishing ransomware, including tougher penalties for those attacking Australia’s critical infrastructure.

Together we will develop Australia’s future as a modern and leading digital economy – safe, secure and maintaining the highest levels of trust and confidence.

The program was backed by an investment of A$164.9 million ($121.2 million), about half of which was used to hire another 100 AFP agents. The new task force will take on the role of identifying, investigating and targeting cybercriminals.

A solution to double extortion

To further strengthen its ability to investigate and disrupt ransomware attacks, the government is seeking to gain new powers through the Surveillance Legislation Amendment Bill 2021.

Under the new legislation, the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) will have the power to delete or delete data related to suspected criminal activity, allow access to devices and networks, and even allow takeover of online accounts for investigative purposes.

These new powers will allow law enforcement to delete data stolen in ransomware attacks, as well as data stored on servers operated by attackers for double extortion. By deleting this data, law enforcement hopes to prevent potential data breaches without victims paying the ransom.

In terms of supporting victims, the program also includes AU$6.1 million ($4.5 million) to help businesses recover from catastrophic cyberattacks and to train SMEs on how to improve their cybersecurity posture.

Australia’s announced new ransomware action plan is in line with what international allies are doing to tackle the problem. On October 13, US Eastern Time, the National Security Council convened more than 30 countries to hold a global anti-extortion conference, and Australia was invited to participate. Two notable countries, Russia and China, did not participate.

[Idlers Gossip]This week can be called the extortion theme week. The cyber security awareness month in the United States is in full swing. The 30+ international anti-ransomware conference is closed to discuss the international alliance’s cooperation and anti-ransomware plan. On the other hand, cybercriminals are arrogant and ransomware attacks occur one after another. First, the famous Japanese company Olympus suffered the second ransomware attack in 2021, and the network system in the Americas was forced to go offline. Immediately afterwards, the Hillel Yaffe Medical Center in Israel was attacked by extortion. The head of the country’s cyber council confirmed the news at the 30+ multi-national anti-ransomware conference. The specific loss is still unclear. Acer, a well-known Taiwanese computer company, suffered another ransomware attack. The company’s after-sales service system in India was subjected to a so-called “isolation attack”. The attackers stole 60G of data and threatened to make it public. This is also Acer’s second ransomware encounter this year. The most incredible are Acer and Olympus. The previous extortion experience did not buy a lesson. This is another time. It was only about a month before and after Olympus was robbed twice. Large multinational companies are still like this, they can only sigh! !

The road to anti-ransomware is a long way off! It’s time for the Australian government to launch an anti-ransomware action plan!

Reference resources

1. https://www.bleepingcomputer.com/news/security/australia-to-tackle-ransomware-data-breaches-by-deleting-stolen-files/

2,

http://www.homeaffairs.gov.au/cyber-security-subsite/files/ransomware-action-plan.pdf

The Links:   FLC48SXC8V-12 LTD121C31S