Australia’s new national cybersecurity strategy requires local companies to report incidents involving hackers using ransomware to regulators, regardless of whether their demands have been met.
Australian businesses will have to report cyberattacks with ransomware to the government as part of a mandatory reporting system. This is reported by the local media.
However, companies won’t be prohibited from complying with the demands of cybercriminals, although Darren Goldie, National Cyber Security Coordinator, strongly recommends not to do so. The new requirements of the authorities don’t imply penalties for the actions of companies, but withholding information about such incidents will be considered a violation of law.
According to Clare O’Neil, Australia’s Minister for Cybersecurity, the authorities are preparing a special guide to combat ransomware. This document will detail all possible steps cybercriminals can take using malware. O’Neil said the government will provide businesses and citizens with clear instructions on how to prepare for and respond to ransomware demands.
Australian authorities report that the local economy lost an estimated $2.59 billion to malware incidents in 2021.
Ransomware attacks remain among the most widespread in the digital economy. Last week, hackers managed to break into the U.S. unit of Industrial & Commercial Bank of China (ICBC) using ransomware. The incident forced the financial giant to suspend all operations and use USB drives to complete some transactions in treasury bonds.
This year, cybercriminals have become less likely to demand payment in BTC in incidents with ransomware.