The Australian Parliament has passed a law requiring organizations to report to the government when they pay ransom in a ransomware attack.
The reporting requirement is part of the Cyber Security Bill 2024. Ransomware attacks are said to be rarely reported voluntarily. Research by the Australian Institute of Criminology found that only one in five victims reports such an attack.
Australia has faced several massive cyber incidents in recent years, in which the data of many people was compromised. The government says it has only a limited picture of the ransoms paid as a result of ransomware attacks.
"It is estimated that Australian companies affected by ransomware paid $9.27 million in ransom last year. This problem needs to be addressed. Mandatory reporting of ransomware payments will give us insight into how many businesses are being extorted via ransomware attacks, to whom these payments are being made and how," said Australian cybersecurity minister Tony Burke.