Labor has called on the federal government to get on the cyber offensive and “release the hounds” on global ransomware gangs following a series of high profile cyber-attacks against Australian companies and hospitals.
Last week Australia’s largest meat processor JBS Foods was forced to shut down its local operations for a day following a ransomware attack against the global company that the US government has said originated from a Russian criminal organisation.
Days later, the US Department of Justice confirmed that it would be upping its investigations of ransomware attacks to a similar level as terrorism.
Speaking in Parliament last week, shadow cybersecurity minister Tim Watts said these events should be a wake-up call for the government, and reiterated his calls for a national ransomware strategy.
“It’s a timely reminder of the economic cost of the scourge of ransomware – it’s a jobs and investment destroyer when the economy can least afford it. It also highlighted the urgent need for the Morrison government to adopt a national ransomware strategy to combat these attacks,” Mr Watts said.
“The JBS Foods barbeque stopper should be a wake-up call for the Morrison government to finally take responsibility.”
Mr Watts said the government should be proactive in its fight against ransomware gangs, and its spy agencies should be actively trying to disrupt these organisations.
In Senate Estimates last week it was revealed that the Australian Signals Directorate (ASD) did not take any offensive operations against those responsible for the cyber-attack on Nine, despite appearing to know who was behind it.
“As part of a national ransomware strategy, the Morrison government needs to get serious about using its signals capability to disrupt cybercriminals and deter attacks on Australian targets,” he said.
“To date, these ransomware crews have been able to target Australian organisations with impunity. No wonder we’ve seen these attacks increasing in their scale and frequency. In general, the position of the Morrison government is not to tell us or the cybercriminals targeting Australia what they are doing to disrupt them. A secret deterrent is no deterrent at all.”
The ASD should create a “target list” of the top 10 ransomware groups targeting Australia and ramp up efforts to disrupt their operations, he said.
“The scourge of ransomware has become an intolerable burden on our nation – a $1 billion annual burden, collectively. It’s time that we said enough is enough. It’s time to release the hounds on these ransomware crews,” Mr Watts said.
“Ransomware groups should fear the consequences of being added to ASD’s targeting list. We need to end the age of impunity for ransomware attacks and teach these ransomware groups that there are consequences for targeting Australian organisations with ransomware attacks and that these attacks are not worth the potential benefits.
“The Morrison government has left Australian governments, businesses and community groups to combat these international ransomware groups for too long,” Mr Watts said.
“It’s time it took responsibility, did its job and developed a national ransomware strategy. These groups are the modern day pirates, and it’s time we treated them that way.”
Mr Watts also recently called for the government to implement a mandatory ransomware notification scheme, with businesses or individuals to report details of an attack to government agencies. At Senate Estimates last month, Home Affairs secretary Mike Pezzullo confirmed it was “likely” that such a scheme would be introduced.