Australia weighs banning ransomware payments amid hike in attacks

Getting your Trinity Audio player ready...

Australia has become one of the largest targets for cybercriminals, and the Aussie government believes that banning ransomware payments to these criminals is a critical first step in curbing the vice.

Over the past year, Aussie companies have become big targets for hackers who demand millions of dollars, mostly in hard-to-trace digital assets. Last September, the second-largest telco in the country, Optus, was hacked, and over 10 million customer accounts were accessed. Less than a month later, Medibank, one of the country’s largest health insurers, was also hacked, and sensitive medical records for millions of customers were accessed.

The latest major hack targeted Latitude Financial, the largest non-bank lender across Australia and New Zealand. On Monday, the company announced that it would not pay the ransom demanded by the hackers.

CEO Bob Belan said that paying the ransom doesn’t guarantee “customer data being destroyed and it would only encourage further extortion attempts on Australian and New Zealand businesses in the future.”

The Aussie government believes that it’s time to act, and banning ransomware payments has been proposed as one of the best initiatives. The logic is that if hackers know they won’t get paid, they have no incentive to hack Aussie businesses.

One of the leaders pushing for the ban is Claire O’Neil, the country’s Home Affairs and Cyber Security minister.

Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model.

They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.

— Clare O'Neil MP (@ClareONeilMP) April 11, 2023

The Australian government has tasked an expert board led by Andy Penn, the former CEO of the country’s largest telco Telstra, with examining the effect of such a ban. While Penn supports the ban, he says there must be exceptions.

“There are potentially limited circumstances where there are life-threatening situations where maybe a complete ban is not appropriate,” Penn notes.

Some oppose the ban, like IDCare, an Aussie government-affiliated non-profit that helps internet crime victims, which says such action could inadvertently fuel hacks.

IDCare says that fining companies for paying the ransom will only lead them to cover up the hacks to avoid any fines or regulatory action.

Digital assets continue to be a key piece of the cybercrime world. Most hackers demand ransom payments in digital assets as some come with built in anonymity features. They also turn to coin mixing services such as the infamous Tornado Cash to obfuscate the trail of the stolen coins. Just days ago, hackers drained $13 million from the Korean exchange GDAC and laundered the tokens through Tornado Cash.

Watch: Sentinel Node Blockchain Tools to Improve Cybersecurity