Support Centre

You have out of 10 free articles left for the week

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Australia: DHA releases comprehensive ransomware action plan

The Australian Department of Home Affairs ('DHA') released, on 13 October 2021, a comprehensive action plan aimed at countering the rise in ransomware incidents. In particular, the DHA confirmed a 'specific mandatory ransomware incident reporting regime' is a priority. In addition, the DHA plans to introduce a suite of new offences for cyber extortion, which are aimed at criminals targeting critical infrastructure, as well as criminalising dealing in stolen data, and the buying and selling of malware. Furthermore, the DHA has planned to introduce a standalone offence for all forms of cyber extortion, with a view to ensure criminals using ransomware face increased maximum penalties. Notably, a similar 'standalone aggravated offence for cybercriminals seeking to target critical infrastructure' is planned as part of the Security Legislation Amendment (Critical Infrastructure) Bill 2020. Moreover, the plan clarified the government's position on ransomware, which is not to pay a ransom as there is no guarantee the lost information will be restored.

You can read the plan here.