The Australian government announced over the weekend that it is considering banning ransomware payments in response to the Medibank data breach.
The group behind the hack has been linked by the Australian Federal Police (AFP) to Russian cyber-criminals with connections to the REvil cyber gang, allegedly dismantled by Russia’s Federal Security Service earlier this year.
Now, the Australian government is suggesting making ransomware payments illegal to reduce the profitability of data breaches for criminal organizations.
Australia’s home affairs minister Clare O’Neil made the announcement on ABC television on Sunday, confirming a new cyber-policing model between the AFP and the Australian Signals Directorate to deliver “new challenging policing” on cybercrime.
About 100 officers will be part of the new partnership, which would act as a joint standing operation against cyber-criminals.
However, according to Jordan Schroeder, managing CISO at Barrier Networks, the idea of a task force is insufficient to ensure protection against ransomware attacks in Australia, particularly at a time of sustained cyber-attacks on companies in the country.
“The Medibank breach has taken Australia by storm, so it is not surprising the government is analyzing how to cope with cyber incidents moving ahead, but isolated knee-jerk responses will only make the dilemma even worse,” Schroeder told Infosecurity.
“On top of that, making ransomware payments illegal in just one jurisdiction could force the payment of ransomware underground, which will hide these crimes and make coordinated responses with law enforcement complicated, or it could even pressure companies to use third parties in other jurisdictions to make payments on their behalf, which will not address the difficulty.”
Instead, the executive suggested the Australian government should consider what the criminals would do in response to these policies, not just how to punish the victims trying to recover from data breaches.
“Nations, cybersecurity specialists, ISPs, and cyber insurers need to work on a collective approach to tackle this worldwide and wide-ranging issue,” Schroeder added.
More generally, the security expert said that a better focus for the Australian government could be on equipping organizations with better defenses against ransomware.
“This would include raising awareness around cybercrime techniques and introducing legislation on minimum cybersecurity requirements for businesses.”
The announcement comes weeks after Deep Instinct published its latest cyber-threat report suggesting 2022 has been another record year for cyber-criminals and ransomware gangs.