Australian firms could be forced to declare ransom payments

The ransomware bill was introduced by an opposition legislator in the wake of numerous global attacks

A bill has been introduced into the Australian House of Representatives that requires organisations to disclose when they make ransomware payments. 

The Ransomware Payments Bill 2021 was introduced on Monday by Labour Shadow Assistant Minister for Cyber Security Tim Watts, who said there was an “urgent need for this bill”.

The bill requires entities who make a ransomware payment to notify the Australian Cyber Security Centre (ACSC) of key details of the attack, the attacker, and the payment. 

The information will be used to share de-identified information to the private sector through the ACSC’s threat-sharing platform, to collect and share information that may be used by law enforcement, and to inform policymaking and track the effectiveness of policy responses.

“The ransom payment notification scheme created by this bill is the starting point for such a comprehensive plan to tackle ransomware,” said Watts. “It will require large businesses and government entities that choose to make ransomware payments to notify the ACSC before they make the payment.”

Watts added that this information it will provide a “fuller picture of ransomware attacks in Australia and the scale of the threat”. The minister also underlined that ransoms should not be paid as it does not guarantee an organisation can restore its systems quickly or prevent further disruption and “it does not guarantee your data won’t be leaked”.

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

He added that where an organisation feels “compelled” to make a ransom payment, the government should be involved.

The minister used examples of various ransomware attacks in the last 12 months, including the Colonial Pipeline hack in the US which led to fuel shortages, an attack on Australian broadcaster Nine Entertainment which disrupted its ability to broadcast, and the attack on JBS Foods which paralysed the company that employs 11,000 Australians on 47 sites.

Earlier this month, JBS Foods ended up paying an $11 million (£7.8 million) ransom to hackers who compromised its IT systems last month. It made the payment in Bitcoin and CEO Andre Nogueira said it was a “difficult” decision to make. The company also confirmed that at the time of payment, the vast majority of its facilities were operational.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Huawei to invest $100 million in APAC startups
startups

Huawei to invest $100 million in APAC startups

3 Aug 2021
Square to acquire Afterpay for $29 billion
mergers and acquisitions

Square to acquire Afterpay for $29 billion

2 Aug 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021
Preparing for AI-enabled cyber attacks
Whitepaper

Preparing for AI-enabled cyber attacks

22 Jul 2021