Companies would be forced to report ransomware attacks and new cyber offences would be created under a federal government overhaul.
Home Affairs Minister Karen Andrews has flagged new stand alone offences including for cyber extortion and the targeting of critical infrastructure.
Dealing with stolen data knowingly obtained in the course of a separate offence would also be criminalised as would the buying or selling of malware for criminal purposes.
Businesses with an annual turnover of more than $10 million would be subject to a mandatory ransomware incident reporting regime.
"Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country," Ms Andrews said.
"Stealing and holding private and personal information for ransom costs victims time and money, interrupting lives and the operations of small businesses."
Ransomware is a form of malicious software or malware used by cybercriminals to lock someone out of their files or computer.
Hackers demand money in exchange for restoring access.
Ms Andrews stressed the government did not condone ramson payments to hackers.
