iTnews

Labor introduces bill to mandate ransomware payment reporting

By Justin Hendry on Jun 21, 2021 12:31PM

After spate of high-profile attacks.

The federal opposition has introduced a bill that would require businesses and government agencies to notify the Australian Cyber Security Centre before paying a ransomware gang.

Shadow Assistant Minister for Cyber Security Tim Watts introduced the private member’s bill in federal parliament on Monday following a spate of high-profile ransomware incidents that have resulted in payments being made.

ACSC advice is not to pay a ransom. "There is no guarantee paying the ransom will fix your devices," the centre advises. "It can also make you vulnerable to future attacks."

Watts cited more than a dozen attacks in the last 18 months, including against meat processor JBS Foods (which forked out $14 million earlier this month), Nine Entertainment and UnitingCare Queensland.

Organisations often decline to answer questions about whether or not a payment was made.

The Ransomware Payments Bill 2021 would create a “ransomware payment notification scheme” that extends to corporations, all federal government entities and state and territory government agencies.

“It will require large businesses and government entities that choose to make ransomware payments to notify the ACSC before they make the payment,” Watts said, introducing the bill on Monday.

Entities would be required to disclose key details of the attack, including the attacker and their cryptocurrency wallet details, which the ACSC could then share in de-identified form through its threat sharing platform.

“This will allow our signals intelligence and law enforcement agencies to collect actionable intelligence on where this money is going so they can track and target the responsible criminal groups,” Watts said.

“And it will help others in the private sector by providing de-identified actionable threat intelligence that they can use to defend their networks. Importantly, it will give us a fuller picture of ransomware attacks in Australia and the scale of the threat.”

Watts said that such a notification scheme was recommended in a report by US-based think tank the Institute for Security and Technology and by former US Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs.

“We should be clear at this point. Ransoms should not be paid. Ever,” Watts said.

“Paying a ransom does not guarantee you’ll be able to quickly bring your systems back online or prevent further disruption, it does not guarantee your data won’t be leaked.

“What it does do is provide further resources to the criminal organisations mounting these attacks and create an incentive for them to carry out more attacks.

“But where organisations feel compelled to make these payments, government should be involved.”

Watts said the bill, if passed, would act as a “policy foundation for a coordinated government response to the threat of ransomware” and the “starting point for… a comprehensive plan to tackle ransomware”.

Labor has been pushing for a national ransomware strategy since February to help reduce the frequency of attacks.

The government has so far resisted calls, though it has released a series of guides providing advice to businesses.

“Mandating reporting of ransom payments is far from a silver bullet for this national security problem, but it’s an important first step,” Watts said.

Watts added that the government had “gone missing when called on to act on the biggest cyber threat facing Australian organisations” at a time when the US government is stepping up, including by elevating ransomware investigations by assigning them a similar priority to terrorism.

According to Home Affairs boss Mike Pezzullo, the government is currently weighing the merits of a mandatory reporting requirement on organisations that are attacked or extorted by cyber criminals, though it is not clear what form this will take.

Earlier this month, Australia’s spy agency chief Rachel Noble cited an unnamed company’s refusal to work with the government when responding to a cyber attack as evidence of the need for laws that would compel some form of cooperation.
