Australian authorities are set to introduce a mandatory reporting system for local companies, requiring them to disclose any ransomware cyberattacks on their businesses. Despite this obligation, no fines will be imposed if companies fail to comply. The move aims to enhance transparency in the face of escalating cyber threats, with the Australian economy having incurred losses of $2.59 billion due to cybercrimes in 2021.
The forthcoming national cybersecurity strategy, scheduled for release in November, will include the mandatory reporting framework. However, businesses will still retain the option to pay ransoms, although the National Cyber Security Coordinator, Air Marshal Darren Goldie, has discouraged such practices. In October, Australia joined nearly 40 other nations in committing not to pay ransomware demands targeting government agencies.
Before the mandatory reporting system is implemented, the government plans to engage with the business community to seek input on its design. Minister for Home Affairs and Cyber Security Clare O’Neil emphasized the creation of a ransomware playbook to guide businesses and citizens in preparing for, dealing with, and recovering from ransom demands.
Ransomware attacks continue to pose a significant threat in the digital economy. The United States Department of Justice recently announced the doubling of its crypto crimes team's size, with a focus on combating ransomware crimes. Research by Chainalysis indicates that wallets involved in ransomware attacks often use crypto mining pools to launder funds obtained through exploits. In some instances, substantial sums have flowed from ransomware wallets to mining pools, underscoring the need for robust measures against these cyber threats.