The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, after a local business suffered a mass data breach and a subsequent ransom demand.
Australian financial institution Latitude Financial first announced on March 16 that it was hit by a cyber attack and provided an update on April 11 indicating that it received a ransom demand that it's refusing to pay.
The attack resulted in around 7.9 million Australian and New Zealand driver's license numbers being stolen, in addition to 6.1 million customer records, 53,000 passport numbers, and 100 customer financial statements.
The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay a ransom, saying there’s no guarantee the information will be returned instead of being sold online.
Despite the recommendation, there is currently no law prohibiting firms from paying ransoms, and the latest attack on Latitude prompted many from the Australian tech industry to call for new rules to outlaw such payments.
Wayne Tufek, the director of cybersecurity firm CyberRisk, noted in comments on April 11 to local media outlet The Australian that “making ransom payments illegal would act as a deterrent for criminals to continue attacks if they know that they won’t be paid large sums of money.”
The director of technology law firm Biztech Lawyers, Andrew Truswell, also told The Australian that a law restricting ransom payments should be considered.
Cyber Security Minister Clare O’Neil is currently weighing if ransom payments should be made illegal following suggestions from a review of Australia’s cybersecurity strategy led by Andy Penn, the former