Ransomware attacks – where hackers upload a form of malware that encrypts the victim’s files and then demand a ransom to restore system access – have“Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” Ms Andrews said. “Stealing and holding private and personal information for ransom costs victims’ time and money, interrupting lives and the operations of small businesses.
The government is yet to determine what the penalties will be for non-compliance but wants to prioritise education and assistance over sanctions.The exact details around how soon a company would have to report an attack will be worked out after consultation with industry over the coming months. It is expected there will also be follow-up requirements on companies to provide additional information to the ACSC in the days after the attack.
Labor’s cyber security spokesman, Tim Watts, has a private member’s bill before Parliament that would require companies to inform the ACSC once a ransom payment had been made. it might have been company that failed to comply with the ASD for weeks after it was hit by a significant ransomware attack. ASD director-general Rachel Noble weeks earlier revealed her agency found out about a cyber attack through media reports despite the incident having a “national impact on our country”.