Over two dozen nations, including Australia, resolved to battle collectively against the global and escalating threat posed by cyber extortionists, following a US-led anti-ransomware summit.
The United States gathered the countries - with the notable exception of Russia - to unify and boost efforts to fight cybercrime that is transnational, on the rise and potentially devastating.
"The threat of ransomware is complex and global in nature and requires a shared response," the joint summit statement said, adding the nations "recognize the need for urgent action, common priorities and complementary efforts."
These attacks involve breaking into an entity's networks to encrypt its data, then demanding a ransom, typically paid via cryptocurrency in exchange for the key to unlock it.
The nations also resolved to work together in law enforcement operations, which are challenging because they cross borders and require special skills and the use of diplomatic pressure.
Although Russia denies any responsibility, most recent ransomware attacks against the United States have been blamed on Russian-speaking hacker groups or those operating from Russian territory.
White House officials said Russia was not invited to this "first round" of talks, but that the United States has opened a separate line of communication with Russia on the sensitive topic.
In Australia, the government said it is taking action to protect the community and economy from ransomware attacks, announcing new criminal offences, tougher penalties and a mandatory reporting regime as part of a new and comprehensive Ransomware Action Plan.
On Wednesday, Home Affairs Minister Karen Andrews said individuals, businesses, and critical infrastructure across Australia will be better protected as a result of the new plan.
Minister for Home Affairs Karen Andrews. Source: AAP
"Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses."
Under the plan, the government will introduce a new stand-alone aggravated offence for all forms of cyber extortion and a new stand-alone aggravated offence for cybercriminals seeking to target critical infrastructure.
The plan will also criminalise the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence, the buying or selling of malware for the purposes of undertaking computer crimes.
In addition, legislation will be modernised to ensure that cybercriminals won’t be able to benefit from their gains. With this plan, law enforcement will be able to better track, seize, and freeze cyber criminals’ financial transactions in cryptocurrency.
The government will also develop a mandatory ransomware incident reporting system.
Tech giants - such as Google, Microsoft and Intel - have criticised the reforms as potentially allowing authorities to access their networks with a lack of due process.
