The federal government has launched a new public awareness campaign on ransomware, amid a sharp uptick in attacks and calls from the Opposition for a more concerted effort to combat them.
With reports that there has been a 200 per cent increase in ransomware attacks against Australian organisations recently, the Australian has launched the next stage of its Act Now Stay Secure public awareness campaign, focusing on this cyber risk.
The campaign focuses on what companies can do to protect from these attacks and make it harder for cyber criminals.
But many in the industry and the federal Opposition said this does not go far enough, and the government needs to launch a national ransomware strategy and urge its agencies to go on the offensive against criminal gangs.
Assistant minister for defence Andrew Hastie launched the new public awareness campaign on Tuesday after it was earlier dropped to the media.
Following calls last week for Australian agencies to “release the hounds” on global ransomware groups and go on the offensive, Mr Hastie said this was already happening.
“The ASD has used, and will continue to use, its broad range of offensive cyber capabilities to disrupt and bring cybercriminal syndicates targeting Australia to their knees. Offensive cyber is just one of the tools in Australia’s toolkits,” Mr Hastie said in a statement.
Australian companies should access the new information available through the Australian Cyber Security Centre (ACSC) and report any ransomware attacks to the government, Mr Hastie said.
“The ACSC provides vital advice and assistance to defend Australian businesses and individuals against ransomware, and brings together the ASD’s intelligence, offensive cyber and cybersecurity capabilities to defend Australia’s interests from malicious cyber actors,” he said.
“The ACSC takes the information it learns from cyber attacks against Australian businesses, and uses it to warn and protect further Australian organisations from being targeted. I encourage Australian organisations to report their ransomware incidents to the ACSC so we can protect and warn all organisations and build better overall cyber defences for ‘Team Australia’.
“Any cyber criminal operating on the dark web or hiding behind encryption should be on notice that the full range of Australia’s intelligence and law enforcement capabilities are being aimed at you.”
The federal government is understood to be readying to launch a mandatory notification scheme for businesses subject to a ransomware attack, with Home Affairs secretary Mike Pezzullo recently saying it was “likely” that such a scheme would be introduced.
The new ACSC campaign includes a prevention and protection guide for businesses with basic measures they can take to protect from ransomware attacks, including to turn on automatic updates, use two-factor authentication, perform regular backups, implement access controls, and use a cybersecurity emergency plan.
Shadow assistant minister for cyber security Tim Watts said the government needs to be doing much more on ransomware than just a public awareness campaign.
“Does anyone believe that if there had been a 200 per cent increase in crime from outlaw bikie gangs, Peter Dutton would respond with an ‘awareness campaign’? Why is the Morrison government so complacent and weak in the face of the threat of ransomware?” Mr Watts tweeted.
“It’s time for a comprehensive National Ransomware Strategy to coordinate the government’s response to this threat.”
Along with a national strategy, Mr Watts has also said the federal government should introduce the mandatory reporting scheme and to take a more proactive approach to targeting the ransomware gangs.