Cybercriminals who use ransomware will face tougher penalties as the federal government cracks down on those trying to extort Australian businesses.
The Australian Cyber Security Centre reported in September it had received more than 500 ransomware cybercrime reports in 2020-21, an increase of 15%. Cyber ransoms had grown to become “one of the most significant threats to Australian organisations”, the report found.
In ransomware attacks, criminals hack into and take a company’s data, and hold it hostage until a ransom is paid.
The home affairs minister, Karen Andrews, said ransomware gangs were attacking businesses, individuals and critical infrastructure.
“Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses,” she said.
The government’s plan will introduce a new stand-alone offence for cyber extortion; a new stand-alone offence for criminals who target critical infrastructure; the criminalisation of dealing with stolen data, as a separate offence to taking the data, and the criminalisation of the buying or selling of malware for computer crimes.
The plan will also update legislation so “cybercriminals won’t be able to realise and benefit from their ill-gotten gains”, with more powers for law enforcement to freeze financial transactions.
Companies with turnovers of more than $10m a year who are hit by ransomware will also be forced to report the incident.
This week, the Cyber Security Cooperative Research Centre outlined how, in the panicky aftermath of a cyber ransom demand, Australian businesses are increasingly turning to shady “ransom brokers” and coughing up cash that keeps the criminals going.
The centre wants to starve out those cybercriminals – to “make them go hungry”.
Rachael Falk, the CEO of the research centre, said cyber insurance was a burgeoning industry in Australia and that insurance companies often used third-party brokers to negotiate and pay the ransom, usually in bitcoin.
Once a company discovered it had been hacked and had data stolen, it needed someone to engage with the cybercriminal.
“If you’re insured and covered for cyber extortion, the company will want to get involved …. they then shepherd you,” Falk said.
“They go through these third-party brokers who work in the shadows. We don’t know a lot about them. They negotiate the price. They won’t give away much but we know that they probably know who the more reputable cybercriminals are.”
Such brokers always existed in the real world, Falk said, dealing with kidnap situations. But now they were working in the online world, where ransomware was rife and demands for payment for the safe return of stolen data was booming.
Email: sign up for our daily morning briefing newsletter
The centre’s new report – titled Underwritten or oversold? How cyber insurance can hinder (or help) cybersecurity in Australia – argues that the cyber insurance industry lacks transparency. Often it includes exclusions for “losses occurring as the result of an act of terror or war” but can be vague about what that means.
It also often includes coverage for extortion and ransom payments, which serves “to feed the criminal enterprise of ransomware gangs, especially those that prey on insured organisations”.
“We want to make Australia a harder [place to] target,” Falk said.
“Paying the ransom is just feeding the food chain of the cybercriminals. It’s like the police paying the robbers to get your furniture back.”
Falk said the smarter move by businesses was to better protect their businesses and to back up data so they could get back up and running. There was an additional option for extortion if the hackers had uncovered embarrassing information, or were threatening to publish clients’ private details, she warned.
The federal government’s new plan to tackle ransomware gangs says the government “does not condone the payment of ransoms to cybercriminals”. “There is no guarantee that the payment will lead to your data being recovered, that the data won’t be on-sold, or that you will not be attacked again,” the report said.