The Australian government has announced a new set of standalone criminal offences for people who use ransomware under what it has labelled its Ransomware Action Plan.
Under the new plan [PDF], people who use ransomware to conduct cyber extortion will be slapped with new stand-alone aggravated criminal charges.
A new criminal offence has also been created for people that target critical infrastructure with ransomware.
The acts of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence as well as buying or selling malware for the purposes of undertaking computer crimes are also both now criminalised.
“The Ransomware Action Plan takes a decisive stance — the Australian Government does not condone ransom payments being made to cybercriminals. Any ransom payment, small or large, fuels the ransomware business model, putting other Australians at risk,” Minister for Home Affairs Karen Andrews said.
Alongside the new criminal offences, the plan will also roll out a new mandatory ransomware incident reporting regime, which would require organisations with a turnover of over $10 million per year to formally notify government if they experience a cyber attack.
The new plan will also see government work to introduce additional legislative reforms that potentially allow law enforcement