Gai Brodtmann (Canberra, Australian Labor Party, Shadow Parliamentary Secretary for Defence) Share this | Link to this | Hansard source

Two days ago an alert went out saying fake electricity bills are being emailed in an attempt to spread ransomware. The fake email looks like a standard bill, but directs the email recipient to click on a link that takes them to a website designed to install ransomware on the victim's computer. Once installed, this ransomware will encrypt the victim's files, handicapping the computer's functionality, and the attacker will demand payment to fix the problem.

This is certainly not the first time this scam has been perpetrated. In June this year at least 10,000 people reported being scammed by emails looking like AGL bills. The Australian Competition and Consumer Commission's Scamwatch has received nearly 5,000 reports of ransomware this year, up from 4,400 in the year before. Ransomware affects people in every state and every territory, people of every age and every background. It is extortion and it is illegal. But once it has occurred it is very hard to recover from. Systems that have been infected with ransomware nearly always require clean backups in order to be fully restored. Unless you are regularly backing up your system, prevention is critical.

There are steps individuals can take to make sure they are staying safe and secure from the threat of ransomware online. Do not open attachments or click on links in unsolicited or unexpected emails. So many people overlook this. Do not click on those links in unsolicited or unexpected emails. Maintain regular backups of important files and keep the backups in a location isolated from the local network. Keep your computer up to date with antivirus, antispyware and firewall software. I know that the time it takes can quite often impinge on people's online activities, but it is vitally important, for those online activities to continue to take place, for the antivirus software to be kept up to date.

Ransomware is a high-profile crime. We can all imagine what it must be like to experience it. You could be locked out of your means of earning an income. You could have some unknown entity take control of your computer and everything on it, and not know whether you will get it back it not. It is easy to see the temptation to simply pay the ransom that is required by these people issuing the ransomware notices. But the advice of law enforcement agencies is that victims refuse to part with one cent. That is because there is no guarantee that attackers will provide a working decryption tool, and victims are not protected against future attacks. The attackers did it once, and there is nothing to say they will hesitate in doing it again. What becomes a one-off payment quickly becomes a money pit.

But malware is not just being used to extract money. We are talking about intellectual property. We are talking about personal identity. When you think about what malware is capable of disrupting, the cost of prevention pales in comparison to the cost of failing to prevent a cybercrime.

This is particularly the case for small businesses. Having run my own small business for a decade before I came into politics, I am acutely aware of the demands of being self-employed. I was involved in every part of the business, which means I was always on my email. I can only imagine what sort of effect it would have had on my business if I had been locked out of my computer. For nearly a third of Australian small businesses, it is not something they need to imagine, because 30 per cent—I was really surprised and horrified by this figure—of small businesses experienced a cybercrime incident in the year prior to June 2015. The threat is real and it is happening now. I encourage small businesses to consider what a breach might cost them and their business's reputation. Determining potential losses can help focus your resources in the right places and on the right vulnerabilities. A stitch in time by a company today could save nine, if it helps it to respond quickly and resolve a breach more effectively.

Ransomware and other financial cyberthreats are the new normal. We will not eradicate this threat, but we can manage it with cooperation. Few of the cybersecurity challenges facing government are not also facing the private sector. Business and government need to get better at sharing the risk of these threats. We all need to take this seriously. The online world is full of opportunities, but it also has its share of threats for government, for businesses and for individuals. We need to work together to feel safe in this environment.