New Ransomware Action Plan a welcome weapon in cyber security arsenal


Eric Abetz, Liberal Senator for Tasmania, has welcomed the new Ransomware Action plan to bolster cyber security and said the Liberal Government’s latest initiative was indicative of how seriously it takes the growing importance of cyber security.

Senator Abetz is Chair of the Senate’s Foreign Affairs, Defence and Trade Committee and a member of the Parliamentary Intelligence and Security Committee. He recently called for a cyber security summit with government officials, business leaders and industry experts to forge a clear plan for Australia’s cyber security future.

“Ransomware is indiscriminate and affects individuals, business and critical infrastructure and the total cost of ransomware can be around $1 billion a year. The new Ransomware Action Plan is a welcome weapon in our cyber security arsenal action to disrupt and track and prosecute cyber criminals,” said Senator Abetz.

“We must continue to be agile in our response to the increasing threats to our cyber security and this new plan outlines specific, practical measures to protect people and organisations as well as punish those who engage in ransomware.”

“At a time when our critical infrastructure is a growing target, the new mandatory reporting mechanism will be an important tool so we can better understand and prevent ransomware, for example, in the case of the logistics company Toll which suffered two major ransomware attacks from foreign actors last year.”

“The Ransomware Action Plan, along with the Bill passed earlier this year to require the reporting of ransomware payments to the Australian Cyber Security Centre, is indicative that the Federal Liberal Government takes cyber security threats seriously.”

Cyber security in Australia is set to be strengthened with new criminal offences, tougher penalties and a mandatory reporting regime as part of the Federal Government’s new and comprehensive Ransomware Action Plan. Ransomware is software used to gain unauthorised access to devices, rendering them unusable until the victim makes a payment. In the first six months of 2021, there was a 23 per cent increase in ransomware attacks.

The new Ransomware Action Plan will introduce:

a new stand-alone aggravated offence for all forms of cyber extortion to ensure that cyber criminals who use ransomware face increased maximum penalties;

a new stand-alone aggravated offence for cyber criminals seeking to target critical infrastructure;

criminalise the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence;

criminalise the buying or selling of malware to undertake computer crimes; and

modernise legislation to ensure that cyber criminals won’t realise and benefit from their ill-gotten gains, and law enforcement can better track and seize or freeze cyber criminals’ financial transactions in cryptocurrency.

The Government will also develop a mandatory ransomware incident reporting regime to enhance our understanding of the threat and enable better support to victims of ransomware attacks. It is expected that only businesses with a turnover of over $10 million per annum will be subject to the regime.

The Government will now consult further with the community, industry and interested stakeholders on the mandatory reporting regime and new criminal offences.

The Ransomware Action Plan is available to view here: