A “new and comprehensive” plan announced Oct. 13 by the Australian government aimed at tackling growing ransomware attacks will see an ad hoc cross-agency taskforce, “Operation Orcus”, actively track and intercept cryptocurrency transactions with confirmed links to cybercrime, among other measures.
The plan, supported by AU$164.9m (US$123.5m), will hire an additional 100 Australian Federal Police agents specifically to protect individuals, businesses and critical infrastructures from ransomware.
The plan comes as Australia saw a 60% increase of ransomware attacks in 2021 compared to the previous year. Notable recent cybercrime incidents include:
- Two attacks against logistics company Toll Holdings (May 2020)
- An attack against Nine Entertainment that left the company struggling to televise news bulletins and produce newspapers (March, 2021)
- An attack against JBS Foods, the world’s largest meat supplier, affecting 47 facilities in Australia (June 2021)
Plan Highlights
- The formation of a cross-agency taskforce, named Operation Orcus, led by the AFP
- The introduction of a mandatory ransomware incident reporting clause for all victimized entities
- The establishment of awareness raising programs for businesses of all sizes
- Actively tracking and intercept cryptocurrency transactions that have confirmed links to ransomware operations or other cybercrimes
- The introduction of harsher punishments for cyber extortionists and ransomware actors based in the country
- More actively in calling out states that facilitate ransomware attacks, or provide safe havens to cybercriminals
What will Operation Orcus do?
The Operation Orcus taskforce, which is still pending formation, was established by the AFP, Australian Cyber Security Centre, Australia Criminal Intelligence Commission, AUSTRAC and state and territory police agencies in July.
Going forward, Operation Orcus will be responsible for:
- Investigating ransomware crimes and working internationally to share, confront and destroy the ransomware hacking ecosystem
- Actively identifying those who support and provide safe havens for cybercriminals
- Requiring organizations to provide ransomware incident reports to the government
- Legislating to criminalize those who carry out all types of cyber extortion
- Increasing sentences for hackers who target critical infrastructure
- Amending laws to make hackers accountable for their criminal actions.
Ransomware puts crypto in the crosshairs
Ransomware refers to malicious software that makes data or systems unusable until the victim makes a payment. It originated in the late 1980s and has changed drastically over the past decade, turning into a billion-dollar global racket.
Image Source: Ars Technica
In 2013, the Cryptolocker malware rose to global dominance with partial support from GameOver Zeus Botnet. The network affected over 250,000 victims and potentially garnered 42,000 bitcoins, valued at approximately US$42 million back then and US$2.4 billion at today’s valuation.
“Once files are encrypted, criminals demand a ransom from the system owner in return for the decryption keys, often in the form of hard-to-trace cryptocurrencies,” said the Plan. “By insisting on payment in cryptocurrency, the attacker may remain anonymous and free to attack again.”
5 Key Ransomware Statistics:
- Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
- In 2021, 37 percent of all businesses and organizations were hit by ransomware.
- Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
- Out of all ransomware victims, 32 percent pay the ransom, but they only get 65 percent of their data back.
- Only 57 percent of businesses are successful in recovering their data using a backup.
Australian authorities have strongly advised entities not to pay ransoms. However, a survey conducted by cyber firm CrowdStrike in late 2020 found that a third of Australian companies hit by ransomware attacks did pay an average ransom of AU$1.25 million.
The Australian Government believes that requiring companies to report attacks, rather than paying a ransom, is a better option because it will give the Australian Cyber Security Centre quicker access to information about the hackers and the authorities will have the opportunity to consider whether there are broader national security consequences of the incident. It would also provide an early opportunity for victims to receive advice and resources to deal with the attack.
According to Karen Andrews, Minister for Home Affairs, measures under the Plan are to fulfil three goals: Building Australia’s resilience to ransomware attacks, strengthening the response to ransomware attacks, and combating and deterring cybercrime through tougher laws.
