Government launches ‘Ransomware Playbook’ to navigate cyber ransoms

The Albanese government has launched a ‘Ransomware Playbook’ which urges businesses to avoid paying ransoms or face up to 10 years in prison and $3m in fines.

Special cybersecurity envoy Andrew Charlton at Parliament House in Canberra. Picture: Martin Ollman/NCA NewsWire
The Albanese government has released a “Ransomware Playbook”, more than two years after Australia suffered a spate of its largest data breaches which impacted tens of millions of people.

The online guide directs Australians and businesses through navigating a live ransom attack, from dealing with demands for money to recovering data.

It arrives just one day after new cybersecurity legislation was introduced to parliament which seeks to mandate that Australian companies report when they’ve paid a cyber ransom or face a potential fine of up to $15,000.

Special envoy for cybersecurity Dr Andrew Charlton told The Australian the Ransomware Playbook was in part to help the government gather the true number of attacks taking place.

“There is just a massive number of cyber incidents happening in Australia. Obviously the big ones like MediSecure and Optus were very well reported, but they’re much more prevalent than I think many people realise,” he said.

“We have some indications of how many companies are the subject of an attack, but we don’t have any real formal data because of that.”

Dr Charlton, quoting a recent Telstra survey, said that 48 per cent of Australian companies had experienced a cyber incident in the last 12 months. Of those, 81 per cent experienced a ransom attack and 51 per cent paid the ransom requested.

The topic of paying ransoms has been up for debate across the country for several months, with some, including billionaire WiseTech founder Richard White, believing ransoms should never be paid while others, including new non-profit Australian Cyber Network, are of the belief that ransoms need to be considered case by case.

The ACN, launched on Wednesday, arrives as an independent replacement to AustCyber, a former government body that was acquired by scale-up hub Stone & Chalk in February 2021. ACN’s founders, former AustCyber staff Linda Cavanagh and Jason Murrell, say industry will benefit from a new and improved industry voice, free of government ties, that is focused on growing the sector and sharing critical information.

The Ransomware Playbook strongly encourages companies to avoid paying ransoms, warning them it could make the company a “potential target” for a second attack.

“There is no guarantee paying the ransom will allow you to regain access to your information or prevent it from being sold or leaked online,” it reads.

Dr Charlton echoed that view but said the government had decided against an all-out ban and rather sought to understand which companies were paying and to which criminal organisations.

“We’re just trying to get a better handle on the extent of ransomware payments in Australia so that we can support the Australian economy with this emerging challenge,” he said.

The Ransomware Playbook also warns that paying ransoms could “contravene sanctions measures, which is a serious criminal offence” and could see penalties of up to 10 years in prison or a fine of up to $782,000 for individuals and up to $3.13m for corporate entities.

Behind the government’s view on ransom payments was data that found that 29 per cent of companies which had paid a ransom did not get their data back while 63 per cent were the victim of subsequent attacks, Dr Charlton said.

New MasterCard research released overnight found one in five Australian businesses had received threats using deepfakes – images, video and audio created with artificial intelligence to impersonate a person – over the past year.

About 36 per cent of Australians had also been targeted with deepfake scams over the same period, with 48 per cent of those targeted not reporting the attack.

Originally published as Government launches ‘Ransomware Playbook’ to navigate cyber ransoms

Original URL: https://www.dailytelegraph.com.au/business/government-launches-ransomware-playbook-to-navigate-cyber-ransoms/news-story/019290e41ca7c4c672398ca0c236ec76