The Morrison government will launch a massive operation led by the Australian Federal Police to strike back against ransomware attackers in Australia and Russia, in response to a spate of major attacks on Australian businesses, hospitals and government.
The new multi-agency taskforce, called Operation Orcus, is Australia’s strongest response yet to the surging incidence of this form of cyber crime, both here and overseas where on-line criminals steal sensitive data and demand multi-million-dollar ransoms for its return.
The move comes after a 60 per cent increase in ransomware attacks in Australia over the past year that are estimated to have cost the economy $1.4bn while temporarily paralysing hospitals as well as large and small businesses across the nation.
Home Affairs Minister Karen Andrews told The Weekend Australian: “Time’s up for the organised criminals who prey on our schools, hospitals, businesses, and private citizens with this despicable technology.”
Australia’s move to form a multi-agency taskforce follows a similar initiative this week by Joe Biden in response to a string of attacks by suspected Russia-based criminals on a major oil pipeline and on the world’s largest meat processing company, JBS.
The US President has called on his Russian counterpart, Vladimir Putin to do more to tackle cybercriminals operating from Russian soil, many of whom are also behind recent attacks on Australian entities including healthcare provider UnitingCare Queensland, brewing giant Lion and Nine Entertainment.
The AFP-led Operation Orcus will be a multi-agency offensive against ransomware criminals and will include the Australian Cyber Security Centre (ACSC), the Australian Criminal Intelligence Commission (ACIC), Austrac, state and territory police as well as industry and other government partners.
The AFP will target the sophisticated and shadowy organised crime groups that are behind ransomware attacks in Australia and overseas and will share its intelligence directly with the ACSC, which wields offensive hi-tech measures to disrupt overseas-based hackers, including in Russia.
As a part of the operation, the AFP will more than double its staff working with the ACSC from 13 to 35, as agencies move to improve intelligence sharing and coordination in response to the rising incidence of ransomware attacks.
“The Morrison government is protecting Australia’s digital economy with a new AFP-led operation against ransomware (and it has) already invested $89.9m to expand the AFP’s operational capabilities to disrupt and identify cybercrime as part of the Government Cyber Security Strategy,” Ms Andrews said.
“This strong action should come as no surprise. I’ve said consistently that increasing cybersecurity and cracking down on cyber crime are my top priorities.’
More than 459 Australian entities were hit by ransomware attacks in the year to April 2020 compared with at least 291 in the previous 12 months.
Most, but not all, ransomware criminal groups are based in Russia where they use special designed malicious software, such as REvil or DarkSide, to encrypt or steal data, releasing it only when a ransom is paid, usually in the form of hard-to-trace cryptocurrencies.
Australian authorities strongly advise organisations not to pay the ransom demands but a survey in late 2020 by cyber firm CrowdStrike found that one-third of Australian firms hit in ransomware attacks did pay an average ransom amount of $1.25m.
However, Ms Andrews urged Australians not to succumb to ransomware demands.
“My advice to anyone held to ransom by these criminals is simple: do not pay – contact police and the ACSC,” she said. “Don’t reward criminal behaviour with a payment, especially when there is no guarantee you’ll get anything back.”
The government has struggled to persuade ransomware victims to report the crime and cooperate with authorities. Many companies and entities are reluctant to admit that they have been attacked or that they have chosen to pay a ransom. To tackle this, the government is considering making it mandatory for Australian organisations to report ransomware attacks.
A report this week from the Australian Strategic Policy Institute called for mandatory reporting of ransomware strikes, better incentives for companies to improve their cybersecurity measures and an expanded national alert system.
The ransomware attack in May on meat processor JBS forced that company to shut down its 47 sites in Australia and temporarily stand down thousands of workers.
Other recent ransomware targets in Australia include the NSW Labor Party, the NSW Transit Authorities, Toll Holdings and BlueScope Steel.