2021-06-21
The federal opposition has introduced a bill in Parliament that, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack.

The Ransomware Payments Bill 2021 was introduced in the House of Representatives on Monday by Shadow Assistant Minister for Cyber Security Tim Watts.

According to Watts, such a scheme would be the policy foundation for a "coordinated government response to the ransomware threat, providing actionable threat intelligence to inform law enforcement, diplomacy and offensive cyber operations".

The ransomware payment notification scheme created by the bill, Watts said, would be the starting point for a comprehensive plan to tackle ransomware. It follows his party's call in February for a national ransomware strategy focused on reducing the number of such attacks on Australian targets.

At the time, Watts, along with Shadow Minister for Home Affairs Kristina Keneally, said that because ransomware was the biggest cyber threat facing Australia, it was time for a strategy to thwart it.

The bill submitted by Watts would require large businesses and government entities that decide to make ransomware payments to notify the ACSC before making the payment.

"This will allow our signals and law enforcement agencies to gather actionable intelligence on where this money is going so that they can track down and target the responsible criminal groups," Watts said. "And it will help others in the private sector by providing de-identified, actionable threat intelligence that they can use to protect their networks."

As set out in the bill's explanatory memorandum [PDF], an entity that makes a ransomware payment would have to provide the ACSC with its own details, the attacker's details, and information about the attack to the extent known.

Information about the attack would include cryptocurrency wallet details, the payment amount, and indicators of compromise. Failure to notify the ACSC would incur a penalty.

The ACSC would be required to de-identify the information for the purpose of informing the public and private sectors about the current threat environment, and could disclose the information to Commonwealth, State or Territory agencies for law enforcement purposes.

Under the bill, it would be a criminal offence to disclose the personal information other than for law enforcement use.

"We need to be clear that ransoms should not be paid. Ever," Watts said. "Paying a ransom does not guarantee that you will be able to quickly restore your systems online or prevent further disruption, and it does not guarantee that your data will not be leaked.

"What it does do is provide further resources to the criminal organisations that carry out these attacks and create an incentive for them to carry out more attacks.

“But when organizations feel compelled to make these payments, the government needs to get involved.”

Citing the claim that there has been a 200% increase in ransomware attacks on Australian organisations, Watts pointed to JBS Foods, UnitingCare Queensland, the Eastern Health hospital network in Victoria, manufacturer Lion, the NSW Labor Party, Toll logistics (which suffered two attacks), BlueScope, PRP Diagnostics, Regis Healthcare, Law In Order, Carnegie Clean Energy, coffee roaster Segafredo Zanetti and Taylors Wine as examples of why such a bill is required.

JBS paid $11 million in ransom.

"Talking to the incident responders fighting this tidal wave of attacks, it is clear to me that for every ransomware incident you read about in the newspapers, there are a dozen that happen out of sight of the public," he told the House of Representatives. "These attacks are an intolerable burden on Australian organisations."

According to Watts, the current trajectory of these attacks, and the traditional response of requiring organisations to implement an "ever-increasing uplift in cyber resilience", was inefficient and unsustainable.

"A hospital should not be forced to spend more and more of its scarce resources fighting cybercriminals; it should be using its resources to make sick people better," he said. "Our nation's boards and executive teams need to be able to focus on making investments in their core business that create new jobs and increase shareholder returns, rather than constantly increasing cyber security investment.

"Addressing ransomware can start with organisational security, but the conversation does not end there.

"Unfortunately, this is the state of the ransomware policy response under the Morrison Government: blaming the victims."

In March, the federal government issued advice on how to counter ransomware in Australia, encouraging the use of multi-factor authentication and urging businesses to keep software up to date, back up their data, build security features into their systems, and train employees in cyber hygiene.

At the time, Watts called the ransomware advice a missed opportunity. For Watts, it is not good enough to tell businesses to defend themselves by "locking their doors against cybercrime gangs".

"Mandating the reporting of ransomware payments is far from a silver bullet for this national security problem, but it is an important first step," he said on Monday.