What is ransomware and what are my legal options if attacked?
Ransomware attacks have become one of the most significant cyber threats facing Australian businesses. These attacks can cripple operations within minutes and create complex legal and ethical dilemmas.
1. What is Ransomware?
Ransomware is malware that encrypts your files, systems, or entire network, rendering them inaccessible. The attacker then demands payment (typically in cryptocurrency) in exchange for the decryption key. Modern “double extortion” attacks also threaten to publish stolen data if payment is not made.
2. Is Paying the Ransom Legal?
In Australia, paying a ransom is not currently illegal for most businesses. However:
- The Government has strongly discouraged ransom payments, and legislation is evolving.
- Payments may violate Australian sanctions laws if the attacker is connected to a sanctioned entity (e.g., certain Russian or North Korean groups).
- Paying does not guarantee you will receive a working decryption key or that your data won’t be published anyway.
- Payments may fund organised crime and encourage future attacks on your business or others.
3. What Should You Do Immediately?
- Isolate affected systems to prevent spread.
- Do not restart systems – this can destroy forensic evidence.
- Engage incident response legal counsel to protect communications under privilege and advise on regulatory obligations.
- Report to the Australian Cyber Security Centre (ACSC) at cyber.gov.au.
- Notify your cyber insurer (if applicable) before engaging any third-party vendors.
- Assess whether personal data was accessed to determine if the Notifiable Data Breaches (NDB) scheme applies.
4. The Role of Cyber Insurance
If you have cyber insurance, your policy may cover:
- Forensic investigation and IT recovery costs.
- Legal fees for incident response and regulatory compliance.
- Business interruption losses.
- In some cases, ransom payments (though insurers increasingly exclude this).
Critical: Most policies require immediate notification and use of panel-approved vendors. Failing to follow these requirements may void your coverage.
5. Ongoing Obligations
After containing the immediate threat, you must:
- Complete your NDB notification (if applicable) within 30 days.
- Conduct a post-incident review to identify vulnerabilities.
- Update policies and training to prevent recurrence.
- Consider whether you need to notify business partners or customers contractually.
Ransomware Response Support
We provide rapid-response legal counsel for businesses facing ransomware attacks, helping you navigate the legal, regulatory, and insurance complexities.
Under attack? Contact Bell & Senior immediately. Call (07) 5532 8777.
Need Specific Legal Advice?
The answers above are general. For advice tailored to your specific situation, contact our Southport solicitors today.