The government has said it's considering forcing companies to report ransomware attacks to its cyber security agency after conceding many were not forthcoming with details.
Home Affairs Minister Karen Andrews told a Canberra business forum on Thursday the federal Australian Cyber Security Centre was well-equipped to handle ransomware attacks but many companies had preferred to keep information under wraps.
"Many businesses who either have been subject to a ransomware attack or are likely to be subject to a ransomware attack [are] not necessarily ... going to be forthcoming in providing that information," Ms Andrews said.
"That could be for a number of reasons, they're concerned about the implications of it being well known that they have been subject to attack, that some of the data has been lost ... and that they're unable to recover that data."
Labor's cyber security spokesperson Tim Watts introduced a private member's bill to parliament on Monday following a number of ransomware attacks in recent years.
Under his proposed laws, businesses and government agencies would need to notify the federal cyber security agency before paying any ransomware demands.
Mr Watts pointed to recent attacks on JBS Foods, Nine Entertainment and UnitingCare Queensland.
When asked whether Ms Andrews supported the bill in legislating mandatory reporting requirements for businesses, she responded she was open to the idea.
"What I don't want to do is end up putting the cart before the horse effectively, and moving directly to 'this is a mandatory reporting of ransomware', when we haven't gone through the process of raising awareness of cyber security and raising awareness of ransomware [and] making sure that we have in place all of the right mechanisms to support businesses," Ms Andrews said.
"So yes, I want to collect the intelligence but I want to make sure that we're doing this in a sensible and rational way.
"But I'm open to exploring this. I am already exploring it."
Mr Watts said he welcomed the minister's comments but urged quick action to curb the rising threat.
"The time to act on ransomware is now. Mandatory notification has been recommended by a wide range of international authorities on this issue," Mr Watts said in response.
"Karen Andrews' own departmental secretary told the Senate that it's 'likely' such a scheme 'will be proposed' to government.
"The Morrison government can't keep kicking this can down the road. When taking on this role three months ago, Karen Andrews declared that cyber security was a 'priority' for her. It's time we saw some real action."
Last year, a ransomware attack halted delivery of milk for dairy processor Lion Dairy and Drinks.
Ms Andrews said she wanted businesses to contact the ACSC if they had a ransomware attack or other threats.
The centre, as part of the Australian Signals Directorate, was well placed to support firms but relied on businesses sharing information.
"I certainly want the ACSC to be in a position to support businesses who have been subject to a ransomware attack," the minister said.
Global meat processing company JBS Foods paid more than $14 million in bitcoin this month to end a five-day cyber attack that halted operations, including in Australia.
The official line from the federal agency is that paying up encourages cyber criminals.
- with AAP