The Australian government is considering imposing a reporting obligation on large companies for paying ransoms to cybercriminals after a ransomware attack.
Intelligence and investigative services must thus obtain more information about these attacks.
It is a bill called Ransomware Payments Bill 2021 that the Australian Workers’ Party has introduced. The reporting obligation only applies to companies with a turnover of more than 10 million Australian dollars, which is approximately 6.3 million euros.
Companies are required by law to report ransom payments after ransomware attacks. Are they not doing this? Then companies can be fined.
Ransomware has been regularly in the news lately. Known incidents include the ransomware attacker on meat processor JBS and oil pipeline company Colonial Pipeline. Both parties eventually made the payment, paying US$11 million and US$4.4 million, respectively.