Record Payouts from Ransomware Strikes in Australia: Is It Worth Paying the Ransom?


Ransomware continues to stand as a prevalent form of cyber assault — and its effectiveness is quite alarming.

On a global scale, the projected ransomware damage costs are set to surpass $265 billion by 2031. These attacks have the potential to impact even the most substantial of entities. In July, a hacker group wreaked havoc on over 230 government agencies and services in Indonesia by infiltrating crucial systems at a national data hub.

The Temptation for Organizations to Fulfill Ransom Demands

In theory, a ransomware attack can look more like an expensive nuisance than a disaster, on the notion that paying the ransom resolves the issue.

The expense of meeting a ransom demand can often be inconsequential when compared to the costs of recovering or reconstructing systems. For instance, the group responsible for the Indonesian data center breach only requested a relatively modest $12 million from the central government.

A study by McGrathNicol Advisory revealed that 73% of Australian entities that fell victim to a ransomware attack in the last five years chose to pay the ransom.

Globally, ransomware payouts surpassed $1 billion for the first time last year, according to Chainalysis. The trend of “big game hunting,” where groups target large entities and demand ransoms exceeding $1 million, is gaining momentum. Affected organizations are often tempted to comply.

Nevertheless, paying the ransom should not be the knee-jerk reaction. The Indonesian government, for example, made the decision to reject the ransom demand. Australia, meanwhile, might soon criminalize payments, which would leave about three-quarters of organizations needing to devise an alternative strategy to handle this threat.

The Case for Anticipated Legislation Against Ransom Payments in Australia

Presently, the Australian government strongly advises against caving in to ransom demands for cyber assaults — counsel that is often disregarded.

“Making a ransom payment does not assure the retrieval of sensitive data nor prevent its sale or leak online,” the government highlights on the DFAT website. “It may also make Australia a more attractive target for criminal factions.

“Facilitating or making a ransom payment may breach Australian sanctions laws and result in criminal repercussions if such payments are directed to entities or individuals subject to Australian autonomous sanctions laws.”

In 2022, the government floated the prospect of going further by completely prohibiting ransom payments. This raised concerns within the business community regarding the uncompromising nature of such a statute. However, later in 2023, the government quietly abandoned this proposal in favor of mandatory reporting obligations.

This choice was made partly to improve national understanding of ransomware attacks and cybercrime. The government highlighted that underreporting these ransomware incidents is “constraining our national grasp of their genuine impact on the economy.” It added that a “mandatory, negligence-free, and liability-free” obligation to report such events would improve this understanding.

“Subject to design, anonymized briefs on ransomware and cyber extortion patterns could be disseminated amongst the industry and wider populace to steer us in fortifying our national resilience against cyber felonies,” the government stated.

Although paying is not yet explicitly illegal, entities must recognize that meeting ransom demands could result in a sanctions violation, as stated on the DFAT website. It might also constitute a money laundering offence under the Australian Criminal Code Act 1995, if “there exists a likelihood that the funds could be employed as a tool for criminal activities,” and the entity is “reckless” or “negligent regarding the potential that the funds or assets are the proceeds of an indictable crime.”

There would be legal defenses against such accusations that legal practitioners could present. Nevertheless, with escalated scrutiny and a determination to curb ransom payments, organizations ought to explore alternative avenues for managing ransom demands.

Best Approaches for Australians to Tackle Ransomware Assaults

Despite various prominent breach instances and successful ransomware incursions in Australia lately, readiness remains subpar — with organizations still facing pressure to yield to ransom demands.

As a top priority, organizations should ensure their IT and security teams are equipped. This includes keeping systems up to date, routinely hardening operating systems, software, and applications, and ensuring all endpoint devices adhere to policies and receive proper maintenance.

At the same time, the entity should establish a backup procedure that includes an isolated copy, to reduce the risk that backups are compromised in a successful ransomware attack.

After dealing with the initial attack, seek assistance from a third party to conduct a comprehensive evaluation of the environment, identify persisting issues, and pinpoint vulnerabilities.

The conventional ransomware handling tactic for Australian entities will not remain tenable indefinitely. While the optimal approach for managing ransomware assaults is widely recognized, only a few enterprises seem to be hastening to enhance their environments — thereby increasingly exposing themselves to risks.
