IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers to face 25 years in jail for cyber attacks on Australia's national infrastructure

The proposals aim to update current laws to account for cyber threats like ransomware

Hackers could face up to 25 years in jail if found guilty of cyber offences against Australia’s critical infrastructure, under proposed changes introduced by the government today.

The government tabled the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 in a bid to modernise criminal offences and procedures to respond to the threat of ransomware. It has several proposals that update the Criminal Code Act 1995, the Crimes Act 1914, and the Proceeds of Crime Act 2002.

One proposal is to set a maximum jail term of 25 years for hackers who target critical infrastructure assets. The government said it wanted to ensure that any computer offence against Australia’s infrastructure carries an appropriate penalty and deters would-be offenders.

Australian law enforcement will also be given clear legal authority to investigate and prosecute ransomware crimes and offences that occur in foreign countries, where the crime affects a person in Australia. Law enforcement will also be given the power to seize cryptocurrencies and other digital assets associated with cyber crime.

A new offence will also be created for those who buy or sell ransomware, with the government eager to crack down on the ransomware-as-a-service business model in particular.

The bill also makes adjustments to the law governing unauthorised access to, or the modification of, restricted data and unauthorised impairment of data held on a computer disk. In this case the maximum jail term will increase from two years to five years.

“Although a positive step in the fight against cybercriminals, this deterrent will by no means be the end of ransomware in Australia,” said Camellia Chan, CEO and Founder of X-PHY. “It is imperative that organisations do not rest on their laurels despite tougher punishments for criminals. New ransomware gangs and threat actors who are willing to risk the consequences are sure to emerge.

“Indeed, the devastating attack last year on the Colonial Pipeline in the US proves no organisation is too large to be targeted. Efforts to improve cyber security and bolster defences should be more strong than ever.”

This legislation implements key aspects of the government’s Ransomware Action Plan that was announced on 13 October 2021. The plan set out the government’s strategic approach to tackle the threat posed by ransomware and make it easier to clamp down on cryptocurrency transactions associated with ransomware crimes.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

Australia’s proposals to update the current legislation may be watched by other nations across the globe, many of which lack formal charges against ransomware.

In the UK, the Computer Misuse Act, last updated in 2015, has faced repeated calls to be brought in line with current threats, including from a coalition of businesses and cyber security groups.

The US has the Computer Fraud and Abuse Act (CFAA), which was introduced in 1986 to address hacking. It was most recently amended in 2008 to cover a broad range of conduct far beyond its original intent.

Australia's new bill shadows attempts made by an opposition legislator in June last year, who introduced the Ransomware Payments Bill 2021. That bill would have required victims who make ransomware payments to notify the Australian Cyber Security Centre (ACSC) of key details of the attack, the attacker, and the payment.

Labour MP Tim Watts said it would provide a fuller picture of ransomware attacks in Australia and the scale of the threat. However, the bill did not proceed from the House of Representatives and was formally removed on 14 February 2022.

Other countries have taken steps against ransomware as its use skyrocketed during the pandemic, including the US, which gave it a similar status as terrorism in June 2021. Last November, the Justice Department charged a Ukrainian national with conducting ransomware attacks against multiple victims and also announced the seizure of $6.1 million in funds traceable to alleged ransom payments.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Data centres that switch from HDDs to SSDs use 70% less power
data centres

Data centres that switch from HDDs to SSDs use 70% less power

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022
Australia pledges $5 million to create tech skills passport
Careers & training

Australia pledges $5 million to create tech skills passport

11 May 2022
Japan aims to reduce reliance on major cloud providers
public cloud

Japan aims to reduce reliance on major cloud providers

9 May 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022