Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

4/30/2021
04:55 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Ransomware Task Force Publishes Framework to Fight Global Threat

An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.

The Ransomware Task Force (RTF) this week published a report detailing recommendations to fight back against the operators and infrastructure that drive ransomware, which its team of experts describes as a "serious national security threat" and "public health and safety concern."

More than 60 people from software companies, security vendors, government agencies, nonprofits, and academic institutions teamed up with the Institute for Security and Technology (IST) to create the RTF, which launched last December. Participants include Microsoft, McAfee, Rapid7, Amazon, Cisco, the Cyber Threat Alliance, the Global Cyber Alliance, US Department of Justice, Europol, and the UK's National Crime Agency, among many others.

Related Content:

Ransomware Recovery Costs Near $2M

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: Ghost Town Security: What Threats Lurk in Abandoned Offices?

In their 81-page report, "A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force," experts share proposed guidance to deter ransomware attacks, disrupt its business model, help organizations prepare, and better respond to the global threat.

While other threats, such as business email compromise, also cause tremendous losses for businesses each year, RTF is focusing on ransomware because of its massive impact.

"One of the concerns we have is the scope and scale of ransomware," says Megan Stifel, executive director for the Americas at the Global Cyber Alliance and co-chair of the RTF. "It's holding parts of the ecosystem and the economy at risk, particularly aspects of critical infrastructure, that can give rise to a range of cascading consequences that in some cases individually, or certainly collectively, can create a significant national security problem."

RTF's framework arrives as ransomware attackers continue to evolve their strategies. Ransomware targeted the healthcare industry during a global pandemic and has shut down schools, hospitals, police stations, city governments, and US military facilities, its report points out.

"The professionalism of the affiliates, and focusing on their ability to attack organizations, is probably the biggest challenge," says Raj Samani, fellow and chief scientist at McAfee, of fighting ransomware. "This has supported the big-game hunting strategy and ultimately the ability to get into organizations and disrupt operations or steal data, [which] has given threat actors the ability to demand a lot more than ever before."

The framework outlines 48 actions government and industry leaders can take to disrupt the ransomware business model and mitigate the impact of attacks. While there have been many reports on the growing ransomware threat and widespread recommendations on how to fight it, many organizations struggle to adopt them. The idea behind this framework is to create a more comprehensive, all-hands-on-deck approach to dismantling the ransomware threat.

Some of the RTF's recommendations are listed as higher priority, though it advises viewing them together as a whole. At the top of its list is the suggestion for a coordinated, law enforcement effort to prioritize ransomware through a strategy that includes the use of "a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals," the RTF says in the framework.

"The first priority really does need to be this public pronouncement that ransomware is a serious national security threat, and that governments will work together with the private sector and other stakeholders in reducing its impact through a range of actions, including this idea of enhanced information sharing to support intelligence and enforcement," says Stifel.

There is room for improvement in how this is done, she adds. 

"The ability for the government to ingest information around ransomware needs to improve, but also the ability for industry to share information around ransomware is in significant need of enhancement," Stifel says.

The RTF's second recommendation suggests the US launch an "intelligence-driven anti-ransomware campaign, coordinated by the White House." This must include an Interagency Working Group led by the National Security Council, an internal US government joint ransomware task force, and a private, industry-led informal Ransomware Threat Focus Hub.

Its third prioritized recommendation suggests governments create a cyber response and recovery fund to support ransomware response and other security efforts, mandate victims report ransom payments, and require them to consider alternatives before paying ransom.

Payments were a tricky subject to navigate in the creation of the framework, and Stifel notes the RTF couldn't come to a consensus on whether to prohibit payments. Participants agreed that while paying ransom is detrimental in many ways, there are challenges in barring payments altogether. Doing so "would really put victims in a very hard spot," Stifel adds.

The framework also suggests closer regulation of the cryptocurrency sector and states governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter trading to comply with existing laws, such as Know Your Customer, Anti-Money Laundering, and Combatting Financing of Terrorism.

Ransomware is a rapidly evolving threat, and criminals continue to hone their skills and tactics to successfully extort businesses. McAfee's Samani will elaborate more on this topic and how these changes have influenced the distribution of ransomware in an upcoming RSA Conference session entitled "Ransomware: New Recipe For An Old Dish."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...