Skip to main content

New Law to Criminalise Ransomware Attacks alongside AFP tech recruitment drive

by Cameron Sinclair •
Subscriber preview

The Morrison Government has introduced a draft law to criminalise offshore ransomware attacks and freeze ransom payments, coinciding with a recruitment drive from cryptocurrency specialists at the Australian Federal Police (AFP). 

The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 was introduced in the House of Representatives on Thursday morning, 17 February, on behalf of the Minister for Home Affairs, Karen Andrews.  

It still needs to pass the senate, where it will be subject to further review (and possible amendments). 

Responsibility for recovering ransoms (proceeds of crime) falls primarily to the AFP, which has extensive experience confiscating digital assets and cryptocurrencies. 

A ransomware taskforce, known as Operation Orcus, was established in June 2021, and in December, the AFP Cybercrime Operations announced that in early 2022 it will be launching a recruitment campaign for technical specialists with experience or qualifications in IT, cyber security or related fields.  

The Cryptocurrency Capabilities Team (CCT) within the Criminal Assets Confiscation (CAC) portfolio is currently hiring for several roles.  

Another interesting aspect of the new draft legislation is its timing, and with many experts anticipating that an election will be called soon after the 29 March Budget, it is effectively being introduced at ‘2 minutes to midnight’ in the final days of this parliamentary term. 

The intention to introduce new legislation to criminalise making a ransomware payment and create a stand-alone criminal offence for all forms of cyber-extortion was flagged in a Ransomware Action Plan released in October 2021. 

The Morrison Government introduced a revised Cyber Security Strategy in October 2020; but ransomware is only mentioned in passing – as part of a quote, and on a list of threats in the appendix. 

This omission has been repeatedly emphasised by Labor’s Shadow Assistant Minister for Cyber, Tim Watts throughout 2021; including with the introduction of his own draft ransomware bill

Labor published a paper calling for a national ransomware strategy on a February 2021,  

Soon after, a cyber security Industry Advisory Committee, chaired by Telstra CEO Andy Penn, published a ransomware paper in March 2021, an AFP ransomware task force was established in July, and the ransomware action plan was released in October. 

The new bill does not contain major changes to the existing Criminal Code provisions. 

It amends the “geographical jurisdiction” to allow offshore cyber criminals to be targeted; and expands existing provisions in the Proceeds of Crime Act (POCA) to allow police to freeze (and recover) ransom payments, including those made in cryptocurrency. 

The Australian Financial Security Authority (AFSA) is responsible for disposing (auctioning off) recovered assets once court proceedings are complete. 

Already a subscriber? Sign in here to keep reading

Want more content like this? Contact our team for subscription options!

  • Stay up-to-date on the latest news in government
  • Navigate market uncertainty with executive-level reports
  • Gain a deeper understanding of public sector procurement trends
  • Know exactly where government is spending
  • Federal
  • IT Services
  • Software
  • Telecommunications
  • Defence
  • Industry & Investment
  • Justice
  • Legislature
  • PM / Premier & Cabinet
  • Policy