Labor has called on the federal government to get on the cyber offensive and “release the hounds” on global ransomware gangs following a series of high profile cyber-attacks against Australian companies and hospitals.
Last week Australia’s largest meat processor JBS Foods was forced to shut down its local operations for a day following a ransomware attack against the global company that the US government has said originated from a Russian criminal organisation.
Days later, the US Department of Justice confirmed that it would be upping its investigations of ransomware attacks to a similar level as terrorism.
Speaking in Parliament last week, shadow cybersecurity minister Tim Watts said these events should be a wake-up call for the government, and reiterated his calls for a national ransomware strategy.
“It’s a timely reminder of the economic cost of the scourge of ransomware – it’s a jobs and investment destroyer when the economy can least afford it. It also highlighted the urgent need for the Morrison government to adopt a national ransomware strategy to combat these attacks,” Mr Watts said.
“The JBS Foods barbeque stopper should be a wake-up call for the Morrison government to finally take responsibility.”
Mr Watts said the government should be proactive in its fight against ransomware gangs, and its spy agencies should be actively trying to disrupt these organisations.
In Senate Estimates last week it was revealed that the Australian Signals Directorate (ASD) did not take any offensive operations against those responsible for the cyber-attack on Nine, despite appearing to know who was behind it.
“As part of a national ransomware strategy, the Morrison government needs to get serious about using its signals capability to disrupt cybercriminals and deter attacks on Australian targets,” he said.
“To date, these ransomware crews have been able to target Australian organisations with impunity. No wonder we’ve seen these attacks increasing in their scale and frequency. In general, the position of the Morrison government is not to tell us or the cybercriminals targeting Australia what they are doing to disrupt them. A secret deterrent is no deterrent at all.”
The ASD should create a “target list” of the top 10 ransomware groups targeting Australia and ramp up efforts to disrupt their operations, he said.
“The scourge of ransomware has become an intolerable burden on our nation – a $1 billion annual burden, collectively. It’s time that we said enough is enough. It’s time to release the hounds on these ransomware crews,” Mr Watts said.
“Ransomware groups should fear the consequences of being added to ASD’s targeting list. We need to end the age of impunity for ransomware attacks and teach these ransomware groups that there are consequences for targeting Australian organisations with ransomware attacks and that these attacks are not worth the potential benefits.
“The Morrison government has left Australian governments, businesses and community groups to combat these international ransomware groups for too long,” Mr Watts said.
“It’s time it took responsibility, did its job and developed a national ransomware strategy. These groups are the modern day pirates, and it’s time we treated them that way.”
Mr Watts also recently called for the government to implement a mandatory ransomware notification scheme, with businesses or individuals to report details of an attack to government agencies. At Senate Estimates last month, Home Affairs secretary Mike Pezzullo confirmed it was “likely” that such a scheme would be introduced.
Do you know more? Contact James Riley via Email.
Tim is a master – of faux-drama – with a Bachelor of Laws from Bond , a Master of Public Policy and Management from Monash and a Master of Science in Politics and Communications. He’d know as much about ransomware as he does about dogs, well “hounds” maybe. They have 4 legs and bark. Sure. the Morrison Muppets are a bunch of hapless fools without a digital between them, but Tim has no answers. It’s not the Commonwealth’s job to protect private property owners from risks they won’t take seriously. Someone might tell Tim that’s how the LNP thinks: your money to protect their corporate mates. Isn’t the ALP a different story? Tim ? Woof ?
@Digital Koolaid; it is the Commonwealth’s role to – combat crime at a national level (e.g. AFP) which includes protecting citizens (including corporate citizens) from property theft/damage, which ransomware is certainly a key issue. Additionally, ASD/Defence’s role does include protecting Australian interest against foreign aggression (even if that aggression is from a non-state actor). Lastly, Commonwealth assets and key infrastructure are at risk, which an issue for all Australians. Want fast ransomware payments, lock down an energy grid or a hospital. We can’t wait for an inevitable risk to occur before we act.
Given that 80%+ of bad actors in this space are offshore, often in locations we can’t influence via traditional policing arrangements, this is almost the only option available.
So in short, this is an issue for the Commonwealth to address. Labour has forgotten that the legislation to allow ASD to disrupt foreign players still needs to pass, but otherwise there is anything incorrect in what Tim is saying here.