Schools, hospitals, City of Atlanta. Garmin, Acer, Washington, DC Police. That much no one is safe against the scourge of ransomware. In recent years, soaring ransom demands and blind targeting to have climbing, with no relief in sight. Today, a recently formed public-private partnership is taking the first steps towards a coordinated response.
the full frame, overseen by the Institute for Security and Technology’s Ransomware Working Group, offers a more aggressive public-private response to ransomware, rather than a historically piecemeal approach. Launched in December, the task force includes Amazon Web Services, Cisco and Microsoft, as well as the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the UK’s National Crime Agency. Drawing on recommendations from cybersecurity companies, incident responders, nonprofits, government agencies and academics, the report calls on the public and private sectors to improve defenses, develop plans for response, to strengthen and expand international law enforcement collaboration and to regulate cryptocurrencies.
The specifics will matter, however, as will the level of membership of government agencies that can actually effect change. The US Department of Justice recently formed a ransomware task force and the Department of Homeland Security announced in february that it would expand its efforts to fight ransomware. But these agencies don’t play politics, and the United States has struggled in recent years to produce a truly coordinated response to ransomware.
“We need to start treating these issues as fundamental issues of national security and economic security, and not as little special issues,” said Chris Painter, former head of cybersecurity at the Department of Justice and the White House who has contributed to the report as chair of the Global Forum on Cyber Expertise Foundation. “I hope we get there, but it’s always been an uphill battle for us in cyberrealm to try to get people’s attention to these really big issues.
Thursday’s report details the threat posed by the ransomware players and actions that could minimize the threat. Law enforcement agencies face a range of jurisdictional issues in tracking ransomware gangs; The framework discusses how the United States could negotiate diplomatic relations to involve more countries in the ransomware response, and attempt to involve those who have historically acted as havens for ransomware groups.
“If we tackle countries that don’t just turn a blind eye, but actively endorse this, it will pay dividends in tackling cybercrime far beyond ransomware,” says Painter. He admits it won’t be easy, however. “Russia is always difficult,” he said.
Some researchers are cautiously optimistic that if adopted, the recommendations could really lead to increased collaboration between public and private organizations. “Larger workgroups can be effective,” says Crane Hassold, senior director of threat research at email security firm Agari. “The benefit of having the private sector in a task force is that we generally understand the magnitude of the problem better, because we see so much more of it every day. Meanwhile, the public sector is better able to remove the smaller components of the cyberattack chain in a more surgical way. “
The question, however, is whether the IST Ransomware Task Force and new U.S. Federal Government organizations can translate the new framework into action. The report recommends the creation of an interagency task force led by the National Security Council, an internal joint US government ransomware task force, and an industry-led ransomware threat hub, all overseen and coordinated by the White House.
“It really requires very decisive action on a number of levels,” said Brett Callow, threat analyst at anti-virus company Emsisoft. “Meanwhile, executives are all fine and fine, but getting organizations to implement them is a whole other thing. There are many areas where improvements can be made, but they won’t be fixes overnight. It will be a long and difficult task.