The Australian government has been forced to ban online ransom payments, often requiring payment in cryptocurrency, after a local business suffered a massive data breach and subsequent ransom demands.
Australian consumer lender Latitude Financial, which first announced it had been hit by a cyberattack on March 16, provided an update on April 11 stating that it had received a ransom demand that it refused to pay: "Based on the advice of cybercrime experts, Latitude firmly believes that paying the ransom will be detrimental to our customers and cause harm to the wider community by encouraging further criminal attacks."
The attack resulted in the theft of approximately 7.9 million Australian and New Zealand driver's license numbers, in addition to 6.1 million customer records, 53,000 passport numbers and 100 customer financial statements. The Australian Government's main cybersecurity agency, the Australian Cyber Security Center (ACSC), currently advises victims of ransomware attacks never to pay the ransom, saying there is no guarantee the information will be returned rather than sold online.
Despite such advice, there are currently no laws preventing companies from paying ransoms, and the recent attack on Latitude has prompted many in the Australian tech industry to call for new rules to outlaw it. Wayne Tufek, director of cybersecurity firm CyberRisk, told media outlet The Australian that "making ransom payments illegal will act as a deterrent to criminals if they know If you don’t get a large sum of money yourself, you will continue to attack.”
Andrew Truswell, director of technology law firm Biztech Lawyers, also told The Australian that laws limiting ransom payments should be considered. Cyber Security Minister Claire O'Neill is currently weighing whether ransom payments should be made illegal following the recommendations of a strategic review of Australia's cyber security led by former chief executive of telecommunications company Telstra Andy Payne.
The ACSC said Australia was particularly attractive to cybercriminals because of its prosperity, with Australians often cited as having the highest median wealth per capita in the world. Cryptocurrencies have long been accused of facilitating ransomware attacks, as attackers often demand payments in cryptocurrencies in order to anonymize funds and move them across borders. One of the ways encryption facilitates ransomware is through the use of mixing services such as Tornado Cash to anonymize funds.
At the U.S. Senate Banking Committee hearing on February 28, Daleep Singh, former deputy national security adviser for international economics in the Biden administration, said that "digital assets are critical to the business model of ransomware" and that "close to 100%" of cyber attacks Those who use cryptocurrencies are rewarded.
