Australia could consider barring businesses from making ransomware payments to criminals, the country’s cyber security minister said Sunday (Nov. 13).
“The idea that we’re going to trust these people to delete data that they have taken off and may have copied a million times is just frankly silly,” Minister for Cybersecurity Claire O’Neil said in an interview with the country’s ABC News.
The report noted that Australia’s government has supported a decision by health insurance company Medibank not to pay a $15 million ransom to prevent hackers from releasing customers’ mental health information.
“We’re standing strong as a country against this, we don’t want to fuel the ransomware business model,” O’Neil said.
Earlier this month, the U.S. Financial Crimes Enforcement Network (FinCEN) announced that the number of ransomware attacks reported by financial institutions (FIs) and occurring in 2021 had doubled since 2020.
The number leaped 108% from 602 in 2020 to 1,251 in 2021, said FinCEN, noting that the dollar amounts involved in those incidents rose 68% from $527 million in 2020 to $886 million in 2021.
Meanwhile, the frequency and value of the attacks rose during the second half of the year. While 458 incidents with a value of $398 million happened between Jan. 1 and June 30, 793 attacks with a value of $488 million happened between July 1 and December 31 of last year.
“Today’s report reminds us that ransomware — including attacks perpetrated by Russian-linked actors — remains a serious threat to our national and economic security,” FinCEN Acting Director Himamauli Das said.
PYMNTS reported in September that cyberattacks on healthcare payment processors are on the rise, with a number of reports of victims’ payments being redirected by thieves using employees’ publicly-available personally identifiable information (PII) and social engineering methods to impersonate victims.
The cybercriminals impersonated victims and got access to files, healthcare portals, payment information and websites, according to the FBI. In one case, the attacker redirected $3.1 million after changing their victims’ direct deposit information.