AFP leading new cross-agency ransomware taskforce

The federal government has formed a taskforce to centralise law enforcement efforts in the fight against ransomware, with intelligence to be used by Australia's cyber spooks to disrupt criminal gangs.

Called Operation Orcus, the new cross-agency taskforce will target ransomware attacks that have direct links to sophisticated organised crime groups operating within Australia and overseas.

It follows a spate of high-profile ransomware incidents over the past couple of months, including against meat processor JBS Foods, Nine Entertainment and UnitingCare Queensland.

The law enforcement operation comes several months after the US government revealed a similar initiative to curtail ransomware attacks, which it has recently backed up with a reward scheme.

The Australian Federal Police is leading the local taskforce, and will work with the Australian Cyber Security Centre (ACSC), Australia Criminal Intelligence Commission, AUSTRAC and state and territory police agencies.

Intelligence collected through the operation is expected to be used by the ACSC to disrupt ransomware operations run by offshore criminals using offensive cyber operations.

In a statement, Home Affairs minister Karen Andrews said the AFP-led operation against ransomware gangs would help protect Australia’s digital economy.

“Time’s up for the organised criminals who prey on our schools, hospitals, businesses and private citizens with this despicable technology,” she said.

Andrews added that the government had already provided $89.9 million through the 2020 cyber security strategy to bolster the AFP’s ability to disrupt and identify cyber crime.

As a result of the funding, the number of AFP staff working at the ACSC is slated to more than double, from 13 to 35.

The taskforce announcement comes as the government considers a mandatory reporting scheme for ransomware payments, which has also been proposed by the federal opposition.

Shadow assistant minister for cyber security Tim Watts introduced a private members’ bill last month to create such a notification scheme.

Watts has been calling for a national ransomware strategy since February to help reduce the frequency of attacks.

Last week, the government’s own Cyber Security Advisory Committee recommended that the government adopt a “clearer policy position on the payment of ransoms”.

The ACSC currently advises organisations not to pay a ransom as there is “no guarantee paying ... will fix your devices”.

“My advice to anyone held to ransom by these criminals is simple: do not pay – contact police and the ACSC,” Andrews added.

“Don’t reward criminal behaviour with a payment, especially when there is no guarantee you’ll get anything back.”