A group of 60 experts including the RCMP’s National Cyber Crime Coordination Unit has issued a detailed plan for fighting ransomware, calling on governments around the world to take action.
“Ransomware attacks will only continue to grow in size and severity unless there is a coordinated, comprehensive, public-private response,” the 80-page report says. “It will take nothing less than our total collective effort to mitigate the ransomware scourge.”
It was created by a ransomware task force assembled by the U.S.-based Institute for Security and Technology. Members include experts in the tech industry from Amazon, Palo Alto Networks, Cisco Systems, CrowdStrike, Deloitte, Microsoft and many others, as well as agencies such as the FBI, the U.K.’s National Cyber Security Centre, and Oxford University’s school of government.
The authors created 48 recommendations, five of which are priorities:
- Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
- Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
- An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
- The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
“Despite the gravity of their crimes, the majority of ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice,” the report says. “This problem is exacerbated by financial systems that enable attackers to receive funds without being traced.”
Ilia Kolochenko, CEO of Swiss-based Immuniweb, said the report is valuable and has bright ideas. However, he added that most of them are far too expensive from a practical viewpoint.
“Strong global collaboration to combat cybercrime is probably a utopia,” he said. “I’d rather suggest treating the root cause of ransomware: the widespread lack of basic cyber hygiene. Even the largest organizations from regulated industries often fail to follow the basics: maintain an up-to-date asset inventory, implement risk-based and threat-aware security controls, perform continuous security monitoring and anomaly detection, conduct ongoing security training and awareness, maintain software and patch management programs, and enforce centralized identity management. Most organizations have no third-party risk management programs, and lack Dark Web monitoring and an incident detection and response (IDR) plan. Unless we can motivate and support targeted organizations to attain a basic level of cyber hygiene, ransomware will continue flourishing.”