Australia: DHA releases comprehensive ransomware action plan
The Australian Department of Home Affairs ('DHA') released, on 13 October 2021, a comprehensive action plan aimed at countering the rise in ransomware incidents. In particular, the DHA confirmed that a 'specific mandatory ransomware incident reporting regime' is a priority. In addition, the DHA plans to introduce a suite of new offences for cyber extortion aimed at criminals targeting critical infrastructure, and to criminalise dealing in stolen data and the buying and selling of malware. Furthermore, the DHA plans to introduce a standalone offence for all forms of cyber extortion, with a view to ensuring that criminals using ransomware face increased maximum penalties. Notably, a similar 'standalone aggravated offence for cybercriminals seeking to target critical infrastructure' is planned as part of the Security Legislation Amendment (Critical Infrastructure) Bill 2020. Moreover, the plan clarified the government's position on ransomware, which is not to pay a ransom, as there is no guarantee that the lost information will be restored.