Following a huge data breach at a local business and a subsequent ransom demand, the Australian government is being pressed to prohibit the payment of cyber ransoms, which are typically sought in bitcoin.
Latitude Financial, an Australian financial company, first declared on March 16 that it had been the victim of a cyber attack, then released an update on April 11 suggesting that it had received a ransom demand that it refused to pay: “In accordance with cybercrime experts’ advice, Latitude strongly believes that paying a ransom will be detrimental to our customers and will harm the broader community by encouraging further criminal attacks.”
The attack resulted in the theft of about 7.9 million Australian and New Zealand driver’s license numbers, as well as 6.1 million customer details, 53,000 passport numbers, and 100 client financial statements. The Australian Cyber Security Centre (ACSC), the Australian government’s principal cybersecurity body, now advises victims of ransomware attacks not to pay a ransom because there is no guarantee the information will be restored rather than sold online.
Despite the recommendation, there is presently no law forbidding businesses from paying ransoms, and the recent attack on Latitude has caused many in Australia’s computer industry to call for new rules to make such payments illegal. Wayne Tufek, director of cybersecurity firm CyberRisk, told The Australian on April 11 that “making ransom payments illegal would act as a deterrent for criminals to continue attacks if they know they won’t be paid large sums of money.”
Andrew Truswell, the director of technology law firm Biztech Lawyers, also told The Australian that a rule prohibiting ransom payments should be examined. Following recommendations from a review of Australia’s cybersecurity policy led by Andy Penn, the former CEO of telco giant Telstra, Cyber Security Minister Clare O’Neil is now debating whether ransom payments should be made illegal.
According to the ACSC, Australia is particularly appealing to cybercriminals due to its wealth, with Australians frequently cited as having the world’s highest median wealth per adult. Cryptocurrency has long been accused of enabling ransomware attacks, as attackers frequently demand cryptocurrency payment in order to anonymize funds and transfer them across borders.
One way crypto facilitates ransomware is through its ability to anonymize funds using mixing services like Tornado Cash. Daleep Singh, a former deputy national security adviser for international economics in the Biden administration, testified before the United States Senate Banking Committee on Feb. 28 that “digital assets are essential to the business model of ransomware,” with “close to 100%” of cyber attackers paid off using crypto.