Australian ransomware victims now must tell the government if they pay up therecord.media/australia…

Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals.

The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller group of specific entities working within critical infrastructure sectors. The turnover threshold is expected to capture just the top 6.5% of all registered businesses in Australia, comprising roughly half of the country’s economy.

Reports will be made to the Australian Signals Directorate (ASD) within 72 hours. Companies that fail to make a report could receive 60 penalty units within the Australian civil penalty system.