Home Affairs Minister, Clare O’Neil, has told ABC News that the Australian Government is looking at making ransom payments in response to ransomware attacks illegal.
Commenting on this, Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi, told Continuity Central:
“The proposal from the Australian Government on banning ransomware payments is sound as it’d hit ransomware operators where it hurts – their wallets.
“However, the harsh reality is that even if businesses pay ransoms, there is no guarantee that their data will be returned as hackers are increasingly following through with extortion threats regardless. We surveyed 1500 security professionals last year to find out their attitude towards paying ransoms. 35 percent of ransomware victims who paid the ransom were unable to recover their data, and 18 percent of ransomware victims who paid the ransom had their data exposed on the dark web. Paying ransoms is clearly no longer the fail-safe it once was, so businesses should use this proposed law as a wake-up call to address the problem at its root and strengthen their security posture.
“It's also worth bearing in mind that if ransom payments are banned, this won’t end cybercrime, as it will force threat actors to change their tactics. Ransomware gangs will target other locations without regulations in place, or they may try alternative methods of generating revenue. Selling stolen machine identities, such as code-signing certificates, is a potential pivot. We’ve seen these sell for significant value on the dark web, and threat groups like Lapsus$ regularly use them to carry out devastating attacks.”