IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Australia considers ransomware payment ban, additional Medibank files leaked

REvil has claimed responsibility for the attack amidst continued refusal by Medibank to pay the ransom

The Australian government has said it is considering the introduction of legislation that would ban companies from paying ransom demands set by hackers in ransomware attacks.

In an interview on Australia’s ABC, home affairs minister Clare O’Neil said that there are “some really big policy questions that we’re going to need to think about and consult on, and we’re going to do that in the context of the cybersecurity strategy”.

When directly asked if the government could seek to bar companies from providing threat actors with ransom payments, O’Neil responded “that’s correct”.

O'Neil's comments come in the wake of a series of high-profile cyber attacks on Australian private sector businesses that left millions of its citizens' records exposed.

Medibank is the latest of eight high-profile Australian firms to be hit by ransomware attacks, having disclosed on 19 October that it had been hit by a cyber attack now believed to have affected 9.7 million past and present customers.

Other attacks include one against telco giant Optus, affecting 10 million Australians, and a service used by the Australian Department of Defence.  

The REvil ransomware group has claimed responsibility for the Medibank attack, posting stolen data on its leak blog in numerous stages. Records belonging to an additional 500 Medibank customers were posted on 13 November, including their names, addresses, email addresses, and unique customer numbers.

In a post on the REvil blog, the group taunted Medibank, stating “we warned you, we always keep our word, if we wouldn't receive a ransom - we should post this data, because nobody will believe us in the future.” In the same post, it was announced that the next batch of data will be posted on Friday.

When it first reported the attack, Medibank indicated that it was negotiating with the hackers behind the attack, while trying to ascertain if data had been stolen.

However, since establishing the scale of the breach, the firm has refused to make a ransom payment to the group behind the attack, stating that cyber security experts have said it is unlikely that the threat actor would remain true to their word in returning unpublished data.

Related Resource

The long road ahead to ransomware preparedness

Getting to the bigger truth

Whitepaper cover with title and image of road with speeding light graphicsFree Download

The REvil group has long been a threat to businesses, and has claimed attacks against Kaseya, and August's attack on the Midea Group. It was the subject of a series of mass arrests in November 2021 carried out by the US Department of Justice, Interpol, Europol, and authorities from Romania alongside 17 other countries, after which its activity seemingly shut down before resuming activity in mid 2022

Along with the medical data that it is threatening to continue posting, REvil claimed to have access to “source codes, list of stuff, and some files obtained from medi filesystem from different hosts”. Along with Medibank customers, the attack is believed to have affected customers of Medibank’s subsidiary Ahm, as well as a number of international customers.

What action can the Australian government take?

“The Medibank breach has taken Australia by storm, so it is not surprising the government is analysing how to handle cyber incidents moving forward, but isolated knee-jerk responses will only make the problem worse,” said Jordan Schroeder, managing CISO at security service Barrier Networks.

“Banning ransomware payments would be a move to make attacks on Australian organisations less attractive to cyber criminals, but it won’t stop them entirely. Attacks will still occur and in these situations, companies would have absolutely no chance of recovery, which will potentially cost more than a ransom demand.

“Furthermore, making ransomware payments illegal in one jurisdiction could push the payment of ransomware underground, which will hide these crimes and make coordinated responses with law enforcement difficult, or it could even force companies to use third parties in other jurisdictions to make payments on their behalf, which will not solve the problem.

“A better focus for the Australian government just now could be on equipping organisations with better defences against ransomware. This would include raising awareness around cybercrime techniques and introducing legislation on minimum cybersecurity requirements for businesses.”

Following the attacks, the Australian government has also formed a task force, composed of officers from both the AFP and the Australian Signals Directorate (ASD), the federal agency responsible for intercepting and extracting information from foreign electronic communications. This will hunt cyber criminals on a permanent basis.

Additionally, the maximum data breach penalty will be increased for repeated or serious privacy breaches in Australia. The former ceiling of AU$2.2 million will rise to the greatest of $50 million (AUD), three times the value of benefits obtained through the improper use of data, or 30% of an accused company’s adjusted turnover across a defined period. 

Data breaches should be prevented as a matter of course within companies as a result of proper data protection policies and procedures, rather than simply to avoid fines. In addition to the legal and ethical ramifications of improper data handling, processing, or disposal, companies that engage in bad practice will incur a great deal of reputational damage.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download


Why Japan finds it so hard to digitally transform
digital transformation

Why Japan finds it so hard to digitally transform

1 Dec 2022
MSG giant Ajinomoto's chipmaking foray helps break financial records
Business strategy

MSG giant Ajinomoto's chipmaking foray helps break financial records

30 Nov 2022
India to trial digital rupee from December 2022
digital currency

India to trial digital rupee from December 2022

30 Nov 2022
Japan considers creating new cyber defence agency as attacks ramp up in region
cyber attacks

Japan considers creating new cyber defence agency as attacks ramp up in region

24 Nov 2022

Most Popular

Empowering employees to truly work anywhere

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022