New Plan to Protect Australians Against Ransomware


The Federal Government has announced new criminal offences, tougher penalties, and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.

Minister for Home Affairs Karen Andrews said individuals, businesses, and critical infrastructure across Australia will be better protected as a result of the new Plan. “Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” Minister Andrews said. “Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses.

Under the Ransomware Action Plan the Government will:

  • Introduce a new stand-alone aggravated offence for all forms of cyber extortion to ensure that cyber criminals who use ransomware face increased maximum penalties, giving law enforcement a stronger basis for investigations and prosecution of ransomware criminals;
  • Introduce a new stand-alone aggravated offence for cybercriminals seeking to target critical infrastructure. This will ensure cybercriminals targeting critical infrastructure face increased penalties, recognising the significant impact on assets that deliver essential services to Australians;
  • Criminalise the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence, so that cybercriminals who deprive a victim of their data, or publicly release a victim’s sensitive data, face increased penalties;
  • Criminalise the buying or selling of malware for the purposes of undertaking computer crimes; and
  • Modernise legislation to ensure that cybercriminals won’t be able to realise and benefit from their ill-gotten gains and law enforcement can better track and seize or freeze cybercriminals’ financial transactions in cryptocurrency.
  • The Government will also develop a mandatory ransomware incident reporting regime to enhance our understanding of the threat and enable better support to victims of ransomware attacks. It will be designed to benefit, not burden small businesses, with businesses with a turnover over $10 million per annum expected to be subject to the regime.

The Plan follows the establishment of a new Australian Federal Police-led multi-agency operation which targets ransomware attacks that are linked directly to sophisticated organised crime groups operating in Australia and overseas, and shares intelligence directly with the Australian Cyber Security Centre as they utilise their disruptive capabilities offshore.

“The release of the Ransomware Action Plan is the latest in a long list of developments that have been rolled out since the Government’s $1.67 billion Cyber Security Strategy commenced in August last year. It builds on the Morrison Government’s strong track record fighting cybercrime,” Minister Andrews concluded.

You can read more of the Ransomware Action Plan here.