Ransomware gangs could lose access to their accounts and the servers they use to launch their attacks. Law enforcement officials could also have the authority to delete files the ransomware operators are holding, to dissuade double-extortion cyberthreats.
Countries across the world are trying multiple techniques to fight the growing menace of ransomware attacks. Upgrading infrastructure and raising awareness remains the top priority. But some governments seem to be taking stricter measures that are akin to “We don’t negotiate with terrorists”.
Australia formulates new laws to tackle ransomware gangs and sophisticated attacks on businesses and government agencies:
Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan”. The plan consists of new measures the country will adopt to combat the growing threat of ransomware.
At the forefront of the action plan is the allotment of AU $1.67 billion (USD $1.23 billion) over ten years. The funds will flow through Australia’s Cyber Security Strategy 2020, of which, tackling ransomware, is a part.
Australia, US to lead ransomware crackdown https://t.co/SeRYhBa9R8
— Adam Creighton (@Adam_Creighton) October 13, 2021
The action plan has already received an infusion of AU $164.9 ($121.2 million). Half of the funds will go towards the employment of additional AFP (Australian Federal Police) agents. The new task force will identify, investigate, and actively engage in targeting cyber criminals.
— TheClueNg (@TheclueNG) October 13, 2021
The highlights of the new Ransomware Action Plan include the following:
- The formation of a multi-agency taskforce named ‘Operation Orcus,’ led by the AFP (Australian Federal Police).
- The introduction of a mandatory ransomware incident reporting clause for all victimized entities.
- The establishment of awareness-raising programs for businesses of all sizes.
- The introduction of harsher punishments for cyber extortionists and ransomware actors based in the country.
- Be more active in calling out states that facilitate ransomware attacks, or provide safe havens to cybercriminals.
- Actively track and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrimes.
Australian authorities tackling the ransomware cyber threat and cybercriminals could seize accounts and servers as well as delete stolen data:
To effectively conduct investigations and actively disrupt ransomware attacks, the Australian government is trying to give new and powerful rights to the relevant law enforcement departments. Through the Surveillance Legislation Amendment Act 2021, Australia hopes to empower its cybercrimes divisions such as Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC).
An important step in combatting ransomware incidents in Australia announced today. https://t.co/zNRrwBXKCZ
— Daniel Kavan (@DanKavanLegal) October 13, 2021
These agencies could “delete or remove data linked to suspected criminal activity, permitting access to devices and networks and even allowing the takeover of online accounts for investigation purposes”.
Never fear! We shall Respond and Recover by "Strengthening responses to ransomware
attacks by ensuring support is available to victims."
Uh, okay. I guess there'll be some detail later on? #tljr
— Justin Warren ⬡ (@jpwarren) October 13, 2021
Essentially, law enforcement agencies dealing with ransomware gangs could delete data stolen that the cybercriminals stole. The agencies could also seize the servers the attackers used. Such actions would strongly dissuade “double-extortion” schemes.
Australia is also setting aside AU $6.1 million ($4.5 million) to help businesses that have suffered from a ransomware attack. The Aussie government will also train SMEs and guide them on how to bolster their cybersecurity.