Malicious cyber actors are continuously targeting critical Australian infrastructure, and they seem to be successful. According to a commercial cyber security report, Australia is the tenth most targeted country for phishing attacks.

Another recent attack on the healthcare sector shows that hackers are now targeting pressure points where victims might be forced to pay the ransom even if the ransom payment does not guarantee any resolution. This phenomenon is called Cyber Big Game Hunting (BGH), where cyber criminals devise a sophisticated attack against high value targets and entities to achieve the maximum return on their investment.

Fortunately, Australia’s law enforcement agencies have been able to identify the cybercriminal who was successful in penetrating Medibank, one of the largest health insurance providers to be attacked recently. However, the culprit is a Russian citizen, and while the Australian Government has hit the individual with sanctions, these have not done enough. In fact, they have made him somewhat famous. Without prosecution for this crime, he may continue criminal activities in cyberspace.

No Extradition, No Punishment

The criminal justice ecosystem works logically. Criminals commit a crime, and then law enforcement shows up and investigates. The criminals are identified, apprehended, and finally prosecuted based on the evidence. However, cybercrime justice is far from this. There are usually three extra challenges in this process: Tracking down (identification) the perpetrator, engaging in cross-border diplomacy, and, finally, extradition. Ransomware groups all around the world are taking advantage of these highly problematic challenges.

Australian has no extradition treaty with any of the big four cyber (Iran, Russia, China, North Korea) threat actors, so sanctions imposed on cyber criminals will hardly have any impact. Unless a criminal is prosecuted, the public will not have the confidence in law and order.

Nations with large internet-using populations will find it more difficult to establish effective cyber awareness and cyber hygiene practices. In this sense, the low population of Australia can play in the nation’s favour when it comes to enhancing resiliency against ransomware attacks. Almost the entire nation is reliant on Internet connectivity and associated digital services. This means there is a high chance that the defence mechanisms against ransomware attacks can be mandated. However, innovative and practical responses are required. One such example is ransomware wargaming.

Ransomware Wargaming

While traditional cyber wargaming emphasises penetration and defence testing, ransomware wargaming is a much more complex simulation but useful for understanding vulnerabilities, tactics, techniques, and procedures followed by major ransomware groups. Hence, these exercises will be more effective in addressing ransomware attacks and will lead to the expedited de-anonymisation of cybercriminals. Almost all law enforcement agencies across the world have recovery plans, but there is hardly any focus on Ransomware Wargaming exercises, particularly when it comes to critical infrastructure such as water treatment plants and supply chains, as well as across the core sectors of healthcare, finance, defence, and education. The key objective of Ransomware Wargaming is to be aware of the tricks employed by the famous cyber-criminal groups and become more resilient in responding to such attacks. In other words, instead of investigating after the attack, it is better to investigate the ransomware groups continuously and being one step ahead of them. Data breaches might be the new normal, but they are never acceptable.

Ransomware Wargaming has several tangible benefits and include making it harder to hack critical infrastructure due to increased resilience and awareness, advanced investigation of cross border ransomware attacks, and faster identification of off shore cyber criminals. Such outcomes will help in dissuading cybercriminals from launching ransomware attacks or participating in Big Game Hunting in Australia.

In sum, the Australian government must consider developing ransomware-wargaming exercises. In addition, for the general public, apart from some awareness campaigns and guidelines, there are hardly any interactive options to understand the graveness of the challenge or what exists in terms of countermeasures. The common tips on using passphrases and multi-factor authentication may not deter some ransomware groups in the near future with the rapid advances in Artificial Intelligence and Quantum Computing. More tailored information on Ransomware Wargaming exercises might be disseminated in multiple ways such as via mobile apps (under myGov), television commercials, and parts of children’s guides to Internet safety. Ransomware wargaming would close a capability gap and work towards both cyber awareness and cyber resilience.

Sascha-Dominik (Dov) Bachmann is Professor in Law and Co-Convener National Security Hub (University of Canberra), University of Canberra, and a Research Fellow with the Security Institute for Governance and Leadership in Africa, Faculty of Military Science, Stellenbosch University. 

Dr Mohiuddin Ahmed is a Senior Lecturer of Computing & Security within School of Science at Edith Cowan University. He is a Senior Member of IEEE and a Fellow of Higher Education Academy.