Calls for Australians to report ransomware attacks

In late 2022 the AFP established Operation Guardian.

Australian Federal Police (AFP) is renewing calls for Australian businesses, including those in Maribyrnong and Hobsons Bay, to move quickly to report ransomware attacks to law enforcement.

This follows recent research confirming that victims who reported incidents to authorities experienced significant time and cost savings.

An IBM Security’s Cost of a Data Breach Report 2023, found organisations that did involve law enforcement in their response to cyber-attack incidents saw significant time and cost savings as a result.

The report confirmed 37 per cent of ransomware victims opted not to involve law enforcement to help contain a ransomware breach.

Those which did notify authorities experienced a much less costly ransomware breach overall, and had their attack incident resolved faster.

The report estimated the average cost of a ransomware breach was about $7.6 million when authorities were not involved compared to an estimated $6.9 million when the incident was reported to law enforcement.

AFP Commander Chris Goldsmid said the AFP was equipped to combat ransomware incidents, and led the taskforce to coordinate national law enforcement effort against ransomware.

“We know that ransomware attacks are unfortunately becoming more prevalent in our digital world,” he said.

“The AFP is urging Australians and Australian businesses to come forward and report any ransomware breaches as soon as possible. We don’t want you to go it alone.

“If we are alerted to an incident in its earliest moments, we have our best shot at gathering the evidence we need to identify those responsible for the attack, disrupt their activities and bring them to justice.”

Between July 1, 2022 and June 30, 2023, the AFP-led taskforce captured and analysed 204 ransomware incidents.

Early reporting supported the AFP’s Cyber Command to undertake 57 disruptions between July 1, 2022 and June 30, 2023, preventing the loss of $30 million.

Commander Goldsmid said the new data was proof of the importance of reporting cybercrime incidents to law enforcement as soon as the crimes became apparent.

“Investigating these incidents and protecting the community is our priority,” he said.

“This report shows involving law enforcement and enabling investigations to start immediately can cut the total time of these incidents by weeks or even months, limiting the damage caused by criminals.”

In late 2022, the AFP established Operation Guardian, in response to the growing sophistication and impact of ransomware attacks and data breaches targeting Australian businesses online.

Commander Goldsmid said the AFP, together with commonwealth and international partners, remains committed to identifying and disrupting criminal groups behind ransomware attacks in Australia and around the globe.

“We have a crucial role in the disruption and dismantling of these dangerous ransomware groups- no matter where they are in the world,” he said.

“The AFP has significant powers within its remit, including legislation that precludes the AFP from revealing when they are in use.

“Those powers should serve as a warning to hackers, and those who will attempt to piggyback off those criminals, that the AFP will relentlessly pursue them.

“If you believe you are a victim of cybercrime, report it to ReportCyber. If there is an imminent threat to your safety, call triple-zero.”