Australia Orders Ransomware Payment Reports in 3 Days

Australia has enacted new regulations mandating that covered organizations report ransomware and cyber extortion payments within three days. The requirement is part of a broader effort to strengthen the country’s cybersecurity posture and improve incident transparency. Under the new rules, entities classified as covered organizations must disclose any payments made in response to ransomware attacks or similar cyber extortion events within the 72-hour window.

The measure aims to provide authorities with timely information to assess threats, coordinate responses, and support broader cyber defense strategies. It also seeks to deter ransom payments by increasing scrutiny and accountability among targeted organizations. While the regulation does not ban the payments themselves, it introduces a compliance framework to track and analyze such incidents more effectively.

The reporting obligation is expected to impact sectors most vulnerable to cyberattacks, including critical infrastructure and financial services. The move reflects Australia’s ongoing commitment to reinforcing its national cyber resilience amid rising global threats.