Clare O’Neil, the Minister for Home Affairs of Australia, says the government is setting up “a permanent standing operation” that will “scour the world” and “hunt down the criminal syndicates and gangs who are targeting Australia in cyber attacks and disrupt their efforts.”
In an interview with ABC Insiders, O’Neil said this new initiative would be a joint effort composed of personnel from the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD).
The Australian minister said the task force’s first priority would be ransomware cartels.
The focus on ransomware follows the recent ransomware attack on Australian private insurance provider Medibank. The company says attackers broke into its network, stole internal files (including sensitive personal and healthcare details on 9.7 million Australians), encrypted files, and demanded a ransom. When it refused to pay, the ransomware gang, which goes by the name BlogXX and is believed to be a spin-off from the infamous REvil ransomware operation, started leaking some of Medibank’s patient records as a form of intimidation and to put public pressure on the company to pay the ransom.
One of the group’s first leaks was a file labeled “abortions”.
The group’s activities have been met with outrage and significant political attention from the highest levels of the Australian government.
“This is Australia standing up and punching back. We are not going to sit back while our citizens are treated this way and allow there to be no consequences for that,” O’Neil said.
“This is a new operation, a permanent standing force of 100 of the best, most capable cyber experts in this country that will be undertaking this task for the first time. Offensively attacking these people […] This is not a model of policing where we wait for a crime to be committed and then try to understand who it is and do something to the people who are responsible,” O’Neil explained. “We are offensively going to find these people, hunt them down, and debilitate them before they can attack our country.”
I have a message for all cybercriminals: Australia is fighting back. #Insiders pic.twitter.com/jEyk6rzgGj
— Clare O'Neil MP (@ClareONeilMP) November 13, 2022
O’Neil’s statement came on the same day that the AFP issued a press release identifying the Medibank hackers as being located “in Russia.”
“We believe we know which individuals are responsible but I will not be naming them,” said AFP Commissioner Reece Kershaw. “What I will say is that we will be holding talks with Russian law enforcement about these individuals.”
After years during which law firms, cyber-insurance providers, and even security firms and law enforcement have closed their eyes during ransomware negotiations and allowed victims to pay ransom demands in order to placate attackers, these criminal cartels have grown their operations and intensified their attacks, feeding on profits but also on a sense of invincibility.
Cases where law enforcement agencies fought back and hacked the hackers have been very rare so far. Success stories include the DOJ recovering Colonial Pipeline’s payment to the DarkSide group and US CyberCom and the FBI both hacking REvil’s servers following the Kaseya attack. Both DarkSide and REvil shut down following these “offensive” operations.
Further to the announcement of the task force, O’Neil lauded Medibank’s decision not to pay its attackers and suggested the government might look into a law banning ransomware and data extortion payments altogether, which the official hopes will strangle the financial incentive behind most attacks.
I want Australia to be the most cyber-safe country in the world. The payment of ransoms directly undermines that goal.
— Clare O'Neil MP (@ClareONeilMP) November 7, 2022