The Australian government says the practice of quietly paying off ransomware hackers has flourished, so Canberra wants to introduce new laws to force businesses to disclose payments made to cyber criminals.
There have been major ransomware attacks on large telecommunications, private healthcare and financial companies in Australia in the past year.
But authorities believe an untold amount of ransom money has been paid to cybercriminals by other organizations whose computer networks have been compromised.
The government intends to introduce new laws in the coming weeks to compel businesses to disclose when they make payments to hackers.
The left-leaning government had originally intended to outlaw ransom payments, but, for now, the focus has shifted to establishing the scale of the problem.
Ministers insist the new legislation will be used to help track down and stop hackers from continuing their illegal activities.
They believe that in the ‘Five Eyes’ intelligence alliance of Australia, Britain, Canada, New Zealand, and the U.S., billions of dollars in ransoms are being paid to cyber criminals.
Australia’s laws were framed when Clare O’Neil was the minister for cybersecurity and home affairs; she is now the housing minister after a cabinet reshuffle at the weekend.
She told the Australian Broadcasting Corp. that the scale of the problem is unknown.
“Effectively we have a situation where people are paying criminals money and it is happening in the darkness,” she said. “It is happening behind closed doors. This is a no-fault scheme. We are not blaming businesses when they are subjected to a crime. Government cannot win this war alone. We need a whole of nation effort here.”
The Cyber Security Act would force Australian businesses with annual turnovers of more than $1.96 million to disclose payments to hackers or face fines.
Industry groups have largely welcomed the new measures, but have said that the rules should only apply to companies with an annual turnover of more than $6.5 million.
In its 2022-23 Annual Cyber Threat Report, the Australian Cyber Security Center said it was informed of a cyber incident an average of once every six minutes.
It also said ransomware attacks had increased about five-fold since the COVID-19 pandemic.