Ransomware Task Force to Figure Out How To Fight Ransomware

A group of security and technology vendors, non-profit groups, and other organizations has formed a coalition to tackle the impact of ransomware on various industry sectors such as government, education, healthcare, and other critical verticals.

The Ransomware Task Force will develop a “standardized framework” that will help organizations across industry verticals defend themselves from ransomware attacks, said the Institute for Security and Technology, which created the task force. The coalition plans to tackle the thorny question of how organizations should fight ransomware by assessing existing technical solutions to ransomware attacks, identifying gaps in those solutions, and developing a “common roadmap” with “clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise,” IST said.

“The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise,” IST wrote in its announcement.

The difference between this framework and prior efforts is that the framework would be based on industry consensus rather than the advice of individual groups dealing with the problem separately, IST said.

There are 19 founding members, including security and technology vendors, think-tanks, industry groups, and academic institutions: security vendors Cybereason, McAfee, Rapid7, SecurityScorecard, Stratigos Security, and Team Cymru; technology vendors Citrix and Microsoft; think-tanks Aspen Digital and Third Way; industry groups Cyber Threat Alliance, CyberPeace Institute, Cybersecurity Coalition, and Global Cyber Alliance; non-profit Shadowserver Foundation; academic institution UT Austin Strauss Center; insurance company Resilience; and law firm Venable LLP.

The member organizations intend to meet over the first quarter of 2021 to develop the roadmap with concrete objectives and actionable milestones, said Philip Reiner, a former National Security Council official and chief executive of the Institute for Security and Technology. The website with full membership details and leadership roles will launch in January 2021, and the goal is to finalize the task force’s report “soon after” the RTF concludes in March or April 2021.

Cyber-insurance is “an important factor in moderating risk and incentives with ransomware attacks,” Reiner said, noting that insurance company Resilience is one of the founding members.

This is the kind of effort that doesn’t need to be done through government because the private sector can do it on a voluntary basis, said Ari Schwartz, executive coordinator at the Cybersecurity Coalition. Success would depend on participation from all stakeholders, including technologists, security experts, policy leaders, lawyers, and former government officials. The task force is the right approach for developing solutions for fighting ransomware because many of the “potential solutions involve cooperation and critical mass,” such as finding ways to share information about incidents and actors without embarrassing or punishing victims.

The framework will “have a major impact with recommendations for policymakers in the private sector and at all levels of government,” Schwartz said.

Task Force Goals

“Ransomware is a scourge on society and disgusting and it’s past time we figured out how to beat this together,” said Sam Curry, chief security officer of Cybereason.

Reducing hackers’ attempts to amplify the impact of ransomware attacks will drive down ransomware costs for the victim and decrease the victim’s inclination to pay ransom demands, Curry said.

Organizations already have access to several tools and services to combat ransomware, such as decryption keys from the No More Ransom project, toolkits for businesses to evaluate their cybersecurity posture, information-sharing repositories such as ID Ransomware, and incident response teams from the Cybercrime Support Network, said Reiner. However, there are organizations that may not even know about the tools, many of which are available for free, or even how other organizations have handled the problem. The task force will not be creating a product to advise organizations on how to respond, Reiner said. The focus will be on bringing awareness and resources by having different groups across industry sectors speak openly with each other and develop common strategies.

Typically, when an organization realizes it has been hit by a ransomware attack, it brings in a security expert—an incident response team, for example—to advise the organization on what to do. That may mean buying cryptocurrency and paying the ransom. It may mean giving the insurance company a call. It may mean looking back at disaster recovery plans. It will differ from organization to organization, from consultant to consultant. The task force’s recommendations would make it possible for victims across industry sectors to respond similarly—using optimal methods—to ransomware attacks.

Ransomware has been a challenge for organizations, regardless of size. Just being a larger organization—such as the City of Baltimore or Foxconn, the largest electronics manufacturing company in the world—doesn't mean it is magically prepared to handle the attack. A small organization has fewer resources, and may not even know what to do or in what order. A framework can be useful in this context. The key is to avoid a framework that is so high-level and generic that organizations can't work with it.

While the task force recommendations will address mitigating the attack, Reiner said the coalition plans to look at every step of the kill chain, including prevention and deterrence.

“What we are missing is a national plan not just to respond on a case-by-case basis, but to combat the use of ransomware at all levels of the kill chain,” Reiner said.