Australia to Outlaw Paying Ransom to Cybercriminals

Australia’s Minister for Cyber Security Clare O’Neil revealed on Sunday that the government is considering a ban on ransom payments to cybercriminals to discourage future ransomware attacks.

In a televised interview, O’Neil said the Australian government plans to take proactive measures in the wake of recent high-profile cyber attacks. She hinted at stricter privacy laws that may outlaw ransom payments and set out data retention guidelines.

This revelation comes just a day after Australian authorities announced the formation of a new cyber task force to combat online crime.

O’Neil has expressed sympathy for Australians affected by the recent cyberattacks, including the Medibank breach. On Saturday, O’Neil and Australia’s Attorney-General Mark Dreyfus blamed “Russian thugs” for the incident.

‘Silly’ to Trust That Hackers Would Delete Stolen Data

O’Neil spoke about the Australian government’s plan to outlaw ransom payments in an interview with ABC, saying the country needs to “wake up out of the cyber-slumber.”

“The idea that we’re going to trust these people to delete data that they have taken off and may have copied a million times is just frankly silly,” she said.

Last week, the BlogXX ransomware group released the sensitive information of over five million Medibank customers on the dark web.

O’Neil had expressed support for Medibank’s decision not to pay the $15 million ransom, saying it is consistent with government recommendations.

The minister reaffirmed this on Sunday, explaining that giving in to the monetary demands of cybercriminals would “fuel the ransomware business model.”

‘Increased Privacy Penalties for Customer Data’

During the launch of Australian Cyber Week 2022 on Monday, O’Neil said the government is working to amend Australia’s privacy laws to increase penalties on companies for data breaches that expose customer data.

In October, Australia’s Attorney-General said the proposed bill would “significantly increase penalties for repeated or serious privacy breaches.”

Under the revised bill, the maximum penalty for data breaches may be AUD$50 million, thirty percent of the company’s adjusted turnover, or an amount that is equivalent to thrice the value of what cybercriminals aim to obtain from “misuse” of the data, Dreyfus said in a statement.

O’Neil said the new regulations would also include tighter rules for data retention. She described the current situation as a “national vulnerability.”

Recent incidents, including the Optus breach, affected people who stopped using the service up to a decade ago, she explained.

“What we need to make sure is that companies are only holding data for the point in time where it’s actually useful,” she said.

Local and Global Task Force to Take Down Cybercriminals

On Saturday, O’Neil announced the formation of a permanent Joint Standing Operation to address growing cybercrime in the country. The task force will comprise 100 officers from the Australian Federal Police and the Australian Signals Directorate.

O’Neil said the task force would go on the offensive and work to bring down hackers and cybercrime groups.

“Cyber-security is a core national security focus of our government,” O’Neil said. “It is beyond doubt now that this is a crime type that will continue in our country, so today we’re putting cyber-criminals on notice: the Joint Standing Operation will not simply be responding to crimes as they affect Australians, they will be hunting these gangs around the world and disrupting the activities of these people.”

O’Neil has also highlighted the importance of collaborating with other security agencies and working to create a “global counter-ransomware task force.”

“It weakens these groups if governments like ours collaborate with the FBI and other police forces and intelligence agencies around the world,” she told ABC.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.