Australia to Stiffen Prison Sentences for Ransomware Offenders to 25 Years

Australian legislators are revising their criminal code to modernize criminal offenses and procedures related to cybercrime.

The proposal seeks to update laws to account for threats like ransomware, IT Pro reports. Acknowledging the growing threat of ransomware to critical infrastructure worldwide, lawmakers down under want to increase prison sentences to as long as 25 years if the attack affects at least one Australian citizen – even for an attack outside Australia’s borders.

Legislators believe a strong enough sentence should deter would-be offenders. Police will also be allowed to seize cryptocurrencies and other digital assets associated with cybercrime.

The amendments further crack down on Ransomware-as-a-Service (RaaS) by creating a new offense for those who buy or sell software tools that facilitate ransomware attacks.

Worldwide, cybercrimes carry widely disparate sentences, depending on the type of crime, impact and local legislation.

For example, the US Department of Justice announced in December 2021 that a Russian national had been sentenced to four years in prison for his role in operating the Kelihos botnet. 41-year-old Oleg Koshkin was charged for helping Kelihos stay undetectable by antivirus vendors.

That same month, the Ontario Provincial Police (OPP) arrested and charged an Ottawa resident with multiple cybercrimes following a 23-month investigation. Officials said the threat actor was the most prolific criminal of his kind identified in Canada.

Earlier that month, a member of the international hacking ring “The Community” was sentenced in the US state of Missouri in connection with a multi-million-dollar SIM hijacking conspiracy. Garrett Endicott, 22, only got 10 months in prison and was ordered to pay restitution of around $120,000, according to the DOJ.

Earlier this month, Canadian authorities arrested and sentenced Sebastien Vachon-Desjardins, a key member of the NetWalker ransomware group, seizing millions of Canadian dollars and large amounts of cryptocurrency. The judge, who found the defendant “good-looking, presentable, and instantly likeable,” commended his cooperative attitude in identifying and restituting some of the stolen funds to his victims.

Desjardins got a seven-year sentence for victimizing 17 Canadian entities and others around the world by breaching their computer networks, hijacking their data, holding it for ransom, and distributing stolen information when ransoms were not paid.